Vulnerabilites related to Adobe - InDesign
CVE-2022-38414 (GCVE-0-2022-38414)
Vulnerability from cvelistv5
Published
2022-09-16 17:20
Modified
2025-04-23 17:06
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-122 - Heap-based Buffer Overflow ()
Summary
Adobe InDesign versions 16.4.2 (and earlier) and 17.3 (and earlier) are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T10:54:03.741Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://helpx.adobe.com/security/products/indesign/apsb22-50.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-38414",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-23T13:05:02.961442Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-23T17:06:36.631Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "InDesign",
"vendor": "Adobe",
"versions": [
{
"lessThanOrEqual": "16.4.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThanOrEqual": "17.3",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThanOrEqual": "None",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2022-09-13T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Adobe InDesign versions 16.4.2 (and earlier) and 17.3 (and earlier) are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "Heap-based Buffer Overflow (CWE-122)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-09-16T17:20:31.000Z",
"orgId": "078d4453-3bcd-4900-85e6-15281da43538",
"shortName": "adobe"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://helpx.adobe.com/security/products/indesign/apsb22-50.html"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Adobe InDesign SVG File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@adobe.com",
"DATE_PUBLIC": "2022-09-13T23:00:00.000Z",
"ID": "CVE-2022-38414",
"STATE": "PUBLIC",
"TITLE": "Adobe InDesign SVG File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "InDesign",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "16.4.2"
},
{
"version_affected": "\u003c=",
"version_value": "17.3"
},
{
"version_affected": "\u003c=",
"version_value": "None"
},
{
"version_affected": "\u003c=",
"version_value": "None"
}
]
}
}
]
},
"vendor_name": "Adobe"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Adobe InDesign versions 16.4.2 (and earlier) and 17.3 (and earlier) are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "Low",
"attackVector": "Local",
"availabilityImpact": "High",
"baseScore": 7.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"userInteraction": "Required",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Heap-based Buffer Overflow (CWE-122)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://helpx.adobe.com/security/products/indesign/apsb22-50.html",
"refsource": "MISC",
"url": "https://helpx.adobe.com/security/products/indesign/apsb22-50.html"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
"assignerShortName": "adobe",
"cveId": "CVE-2022-38414",
"datePublished": "2022-09-16T17:20:31.496Z",
"dateReserved": "2022-08-18T00:00:00.000Z",
"dateUpdated": "2025-04-23T17:06:36.631Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-39821 (GCVE-0-2021-39821)
Vulnerability from cvelistv5
Published
2021-09-29 15:36
Modified
2025-04-23 19:26
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-125 - Out-of-bounds Read ()
Summary
Adobe InDesign versions 16.3 (and earlier), and 16.3.1 (and earlier) are affected by an out-of-bounds read vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious TIF file.
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T02:20:33.360Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://helpx.adobe.com/security/products/indesign/apsb21-73.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-39821",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-23T13:16:31.934368Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-23T19:26:46.894Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "InDesign",
"vendor": "Adobe",
"versions": [
{
"lessThanOrEqual": "16.3",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThanOrEqual": "16.3.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThanOrEqual": "None",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2021-08-17T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Adobe InDesign versions 16.3 (and earlier), and 16.3.1 (and earlier) are affected by an out-of-bounds read vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious TIF file."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "Out-of-bounds Read (CWE-125)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-10-06T15:25:09.000Z",
"orgId": "078d4453-3bcd-4900-85e6-15281da43538",
"shortName": "adobe"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://helpx.adobe.com/security/products/indesign/apsb21-73.html"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Adobe InDesign TIF File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@adobe.com",
"DATE_PUBLIC": "2021-08-17T23:00:00.000Z",
"ID": "CVE-2021-39821",
"STATE": "PUBLIC",
"TITLE": "Adobe InDesign TIF File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "InDesign",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "16.3"
},
{
"version_affected": "\u003c=",
"version_value": "16.3.2"
},
{
"version_affected": "\u003c=",
"version_value": "None"
},
{
"version_affected": "\u003c=",
"version_value": "None"
}
]
}
}
]
},
"vendor_name": "Adobe"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Adobe InDesign versions 16.3 (and earlier), and 16.3.1 (and earlier) are affected by an out-of-bounds read vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious TIF file."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "Low",
"attackVector": "Local",
"availabilityImpact": "High",
"baseScore": 7.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Out-of-bounds Read (CWE-125)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://helpx.adobe.com/security/products/indesign/apsb21-73.html",
"refsource": "MISC",
"url": "https://helpx.adobe.com/security/products/indesign/apsb21-73.html"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
"assignerShortName": "adobe",
"cveId": "CVE-2021-39821",
"datePublished": "2021-09-29T15:36:44.699Z",
"dateReserved": "2021-08-23T00:00:00.000Z",
"dateUpdated": "2025-04-23T19:26:46.894Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-30673 (GCVE-0-2022-30673)
Vulnerability from cvelistv5
Published
2022-09-16 17:20
Modified
2025-04-23 17:06
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-125 - Out-of-bounds Read ()
Summary
Adobe InDesign versions 16.4.2 (and earlier) and 17.3 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T06:56:13.582Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://helpx.adobe.com/security/products/indesign/apsb22-50.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-30673",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-23T13:04:24.863249Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-23T17:06:43.389Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "InDesign",
"vendor": "Adobe",
"versions": [
{
"lessThanOrEqual": "16.4.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThanOrEqual": "17.3",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThanOrEqual": "None",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2022-09-13T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Adobe InDesign versions 16.4.2 (and earlier) and 17.3 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "Out-of-bounds Read (CWE-125)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-09-16T17:20:28.000Z",
"orgId": "078d4453-3bcd-4900-85e6-15281da43538",
"shortName": "adobe"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://helpx.adobe.com/security/products/indesign/apsb22-50.html"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Adobe InDesign 2022 Out-of-Bound Read Memory leak",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@adobe.com",
"DATE_PUBLIC": "2022-09-13T23:00:00.000Z",
"ID": "CVE-2022-30673",
"STATE": "PUBLIC",
"TITLE": "Adobe InDesign 2022 Out-of-Bound Read Memory leak"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "InDesign",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "16.4.2"
},
{
"version_affected": "\u003c=",
"version_value": "17.3"
},
{
"version_affected": "\u003c=",
"version_value": "None"
},
{
"version_affected": "\u003c=",
"version_value": "None"
}
]
}
}
]
},
"vendor_name": "Adobe"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Adobe InDesign versions 16.4.2 (and earlier) and 17.3 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "Low",
"attackVector": "Local",
"availabilityImpact": "None",
"baseScore": 5.5,
"baseSeverity": "Medium",
"confidentialityImpact": "High",
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"userInteraction": "Required",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Out-of-bounds Read (CWE-125)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://helpx.adobe.com/security/products/indesign/apsb22-50.html",
"refsource": "MISC",
"url": "https://helpx.adobe.com/security/products/indesign/apsb22-50.html"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
"assignerShortName": "adobe",
"cveId": "CVE-2022-30673",
"datePublished": "2022-09-16T17:20:28.459Z",
"dateReserved": "2022-05-12T00:00:00.000Z",
"dateUpdated": "2025-04-23T17:06:43.389Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-30658 (GCVE-0-2022-30658)
Vulnerability from cvelistv5
Published
2022-06-16 16:58
Modified
2025-04-23 18:11
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-122 - Heap-based Buffer Overflow ()
Summary
Adobe InDesign versions 17.2.1 (and earlier) and 16.4.1 (and earlier) are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T06:56:13.182Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://helpx.adobe.com/security/products/indesign/apsb22-30.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-30658",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-23T13:08:34.134827Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-23T18:11:11.105Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "InDesign",
"vendor": "Adobe",
"versions": [
{
"lessThanOrEqual": "16.4.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThanOrEqual": "17.2.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThanOrEqual": "None",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2022-06-14T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Adobe InDesign versions 17.2.1 (and earlier) and 16.4.1 (and earlier) are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "Heap-based Buffer Overflow (CWE-122)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-16T16:58:58.000Z",
"orgId": "078d4453-3bcd-4900-85e6-15281da43538",
"shortName": "adobe"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://helpx.adobe.com/security/products/indesign/apsb22-30.html"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Adobe InDesign Font Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@adobe.com",
"DATE_PUBLIC": "2022-06-14T23:00:00.000Z",
"ID": "CVE-2022-30658",
"STATE": "PUBLIC",
"TITLE": "Adobe InDesign Font Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "InDesign",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "16.4.1"
},
{
"version_affected": "\u003c=",
"version_value": "17.2.1"
},
{
"version_affected": "\u003c=",
"version_value": "None"
},
{
"version_affected": "\u003c=",
"version_value": "None"
}
]
}
}
]
},
"vendor_name": "Adobe"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Adobe InDesign versions 17.2.1 (and earlier) and 16.4.1 (and earlier) are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "Low",
"attackVector": "Local",
"availabilityImpact": "High",
"baseScore": 7.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Heap-based Buffer Overflow (CWE-122)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://helpx.adobe.com/security/products/indesign/apsb22-30.html",
"refsource": "MISC",
"url": "https://helpx.adobe.com/security/products/indesign/apsb22-30.html"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
"assignerShortName": "adobe",
"cveId": "CVE-2022-30658",
"datePublished": "2022-06-16T16:58:58.983Z",
"dateReserved": "2022-05-12T00:00:00.000Z",
"dateUpdated": "2025-04-23T18:11:11.105Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-9729 (GCVE-0-2020-9729)
Vulnerability from cvelistv5
Published
2020-09-10 18:29
Modified
2024-09-17 02:11
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-788 - Access of Memory Location After End of Buffer ()
Summary
A memory corruption vulnerability exists in InDesign 15.1.1 (and earlier versions). Insecure handling of a malicious indd file could be abused to cause an out-of-bounds memory access, potentially resulting in code execution in the context of the current user.
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T10:43:03.601Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://helpx.adobe.com/security/products/indesign/apsb20-52.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "InDesign",
"vendor": "Adobe",
"versions": [
{
"lessThanOrEqual": "15.1.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThanOrEqual": "None",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2020-09-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A memory corruption vulnerability exists in InDesign 15.1.1 (and earlier versions). Insecure handling of a malicious indd file could be abused to cause an out-of-bounds memory access, potentially resulting in code execution in the context of the current user."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-788",
"description": "Access of Memory Location After End of Buffer (CWE-788)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-09-10T18:29:21",
"orgId": "078d4453-3bcd-4900-85e6-15281da43538",
"shortName": "adobe"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://helpx.adobe.com/security/products/indesign/apsb20-52.html"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Out-of-bounds memory access could lead to code execution",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@adobe.com",
"DATE_PUBLIC": "2020-09-08T23:00:00.000Z",
"ID": "CVE-2020-9729",
"STATE": "PUBLIC",
"TITLE": "Out-of-bounds memory access could lead to code execution"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "InDesign",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "15.1.1"
},
{
"version_affected": "\u003c=",
"version_value": "None"
},
{
"version_affected": "\u003c=",
"version_value": "None"
},
{
"version_affected": "\u003c=",
"version_value": "None"
}
]
}
}
]
},
"vendor_name": "Adobe"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A memory corruption vulnerability exists in InDesign 15.1.1 (and earlier versions). Insecure handling of a malicious indd file could be abused to cause an out-of-bounds memory access, potentially resulting in code execution in the context of the current user."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "Low",
"attackVector": "Local",
"availabilityImpact": "High",
"baseScore": 7.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"userInteraction": "Required",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Access of Memory Location After End of Buffer (CWE-788)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://helpx.adobe.com/security/products/indesign/apsb20-52.html",
"refsource": "MISC",
"url": "https://helpx.adobe.com/security/products/indesign/apsb20-52.html"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
"assignerShortName": "adobe",
"cveId": "CVE-2020-9729",
"datePublished": "2020-09-10T18:29:21.600721Z",
"dateReserved": "2020-03-02T00:00:00",
"dateUpdated": "2024-09-17T02:11:09.385Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-29315 (GCVE-0-2023-29315)
Vulnerability from cvelistv5
Published
2023-07-12 15:56
Modified
2025-03-05 18:52
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-125 - Out-of-bounds Read ()
Summary
Adobe InDesign versions ID18.3 (and earlier) and ID17.4.1 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
References
| ► | URL | Tags |
|---|---|---|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T14:07:46.232Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://helpx.adobe.com/security/products/indesign/apsb23-38.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-29315",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-05T18:35:27.289020Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-05T18:52:55.755Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "InDesign",
"vendor": "Adobe",
"versions": [
{
"lessThanOrEqual": "ID18.3",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"datePublic": "2023-07-11T17:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Adobe InDesign versions ID18.3 (and earlier) and ID17.4.1 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 5.5,
"environmentalSeverity": "MEDIUM",
"exploitCodeMaturity": "NOT_DEFINED",
"integrityImpact": "NONE",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "LOW",
"modifiedAttackVector": "LOCAL",
"modifiedAvailabilityImpact": "NONE",
"modifiedConfidentialityImpact": "HIGH",
"modifiedIntegrityImpact": "NONE",
"modifiedPrivilegesRequired": "NONE",
"modifiedScope": "NOT_DEFINED",
"modifiedUserInteraction": "REQUIRED",
"privilegesRequired": "NONE",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"scope": "UNCHANGED",
"temporalScore": 5.5,
"temporalSeverity": "MEDIUM",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "Out-of-bounds Read (CWE-125)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-07-12T15:56:47.286Z",
"orgId": "078d4453-3bcd-4900-85e6-15281da43538",
"shortName": "adobe"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://helpx.adobe.com/security/products/indesign/apsb23-38.html"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "[FG-VD-23-008] Adobe InDesign 2023 Out-of-Bound Read Vulnerability VI Notification"
}
},
"cveMetadata": {
"assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
"assignerShortName": "adobe",
"cveId": "CVE-2023-29315",
"datePublished": "2023-07-12T15:56:47.286Z",
"dateReserved": "2023-04-04T20:46:42.581Z",
"dateUpdated": "2025-03-05T18:52:55.755Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-9727 (GCVE-0-2020-9727)
Vulnerability from cvelistv5
Published
2020-09-10 18:29
Modified
2024-09-17 04:13
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-788 - Access of Memory Location After End of Buffer ()
Summary
A memory corruption vulnerability exists in InDesign 15.1.1 (and earlier versions). Insecure handling of a malicious indd file could be abused to cause an out-of-bounds memory access, potentially resulting in code execution in the context of the current user.
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T10:43:03.610Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://helpx.adobe.com/security/products/indesign/apsb20-52.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "InDesign",
"vendor": "Adobe",
"versions": [
{
"lessThanOrEqual": "15.1.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThanOrEqual": "None",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2020-09-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A memory corruption vulnerability exists in InDesign 15.1.1 (and earlier versions). Insecure handling of a malicious indd file could be abused to cause an out-of-bounds memory access, potentially resulting in code execution in the context of the current user."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-788",
"description": "Access of Memory Location After End of Buffer (CWE-788)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-09-10T18:29:34",
"orgId": "078d4453-3bcd-4900-85e6-15281da43538",
"shortName": "adobe"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://helpx.adobe.com/security/products/indesign/apsb20-52.html"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Out-of-bounds memory access could lead to code execution",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@adobe.com",
"DATE_PUBLIC": "2020-09-08T23:00:00.000Z",
"ID": "CVE-2020-9727",
"STATE": "PUBLIC",
"TITLE": "Out-of-bounds memory access could lead to code execution"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "InDesign",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "15.1.1"
},
{
"version_affected": "\u003c=",
"version_value": "None"
},
{
"version_affected": "\u003c=",
"version_value": "None"
},
{
"version_affected": "\u003c=",
"version_value": "None"
}
]
}
}
]
},
"vendor_name": "Adobe"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A memory corruption vulnerability exists in InDesign 15.1.1 (and earlier versions). Insecure handling of a malicious indd file could be abused to cause an out-of-bounds memory access, potentially resulting in code execution in the context of the current user."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "Low",
"attackVector": "Local",
"availabilityImpact": "High",
"baseScore": 7.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"userInteraction": "Required",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Access of Memory Location After End of Buffer (CWE-788)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://helpx.adobe.com/security/products/indesign/apsb20-52.html",
"refsource": "MISC",
"url": "https://helpx.adobe.com/security/products/indesign/apsb20-52.html"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
"assignerShortName": "adobe",
"cveId": "CVE-2020-9727",
"datePublished": "2020-09-10T18:29:34.345611Z",
"dateReserved": "2020-03-02T00:00:00",
"dateUpdated": "2024-09-17T04:13:46.365Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-30672 (GCVE-0-2022-30672)
Vulnerability from cvelistv5
Published
2022-09-16 17:20
Modified
2025-04-23 17:06
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-125 - Out-of-bounds Read ()
Summary
Adobe InDesign versions 16.4.2 (and earlier) and 17.3 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T06:56:13.463Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://helpx.adobe.com/security/products/indesign/apsb22-50.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-30672",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-23T13:04:30.396094Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-23T17:06:56.146Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "InDesign",
"vendor": "Adobe",
"versions": [
{
"lessThanOrEqual": "16.4.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThanOrEqual": "17.3",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThanOrEqual": "None",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2022-09-13T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Adobe InDesign versions 16.4.2 (and earlier) and 17.3 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "Out-of-bounds Read (CWE-125)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-09-16T17:20:22.000Z",
"orgId": "078d4453-3bcd-4900-85e6-15281da43538",
"shortName": "adobe"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://helpx.adobe.com/security/products/indesign/apsb22-50.html"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Adobe InDesign 2022 Out-of-Bound Read Memory leak",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@adobe.com",
"DATE_PUBLIC": "2022-09-13T23:00:00.000Z",
"ID": "CVE-2022-30672",
"STATE": "PUBLIC",
"TITLE": "Adobe InDesign 2022 Out-of-Bound Read Memory leak"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "InDesign",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "16.4.2"
},
{
"version_affected": "\u003c=",
"version_value": "17.3"
},
{
"version_affected": "\u003c=",
"version_value": "None"
},
{
"version_affected": "\u003c=",
"version_value": "None"
}
]
}
}
]
},
"vendor_name": "Adobe"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Adobe InDesign versions 16.4.2 (and earlier) and 17.3 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "Low",
"attackVector": "Local",
"availabilityImpact": "None",
"baseScore": 5.5,
"baseSeverity": "Medium",
"confidentialityImpact": "High",
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"userInteraction": "Required",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Out-of-bounds Read (CWE-125)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://helpx.adobe.com/security/products/indesign/apsb22-50.html",
"refsource": "MISC",
"url": "https://helpx.adobe.com/security/products/indesign/apsb22-50.html"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
"assignerShortName": "adobe",
"cveId": "CVE-2022-30672",
"datePublished": "2022-09-16T17:20:22.862Z",
"dateReserved": "2022-05-12T00:00:00.000Z",
"dateUpdated": "2025-04-23T17:06:56.146Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-34245 (GCVE-0-2022-34245)
Vulnerability from cvelistv5
Published
2022-07-15 15:48
Modified
2025-04-23 17:58
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-122 - Heap-based Buffer Overflow ()
Summary
Adobe InDesign versions 17.2.1 (and earlier) and 16.4.1 (and earlier) are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T09:07:14.414Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://helpx.adobe.com/security/products/indesign/apsb22-30.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-34245",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-23T13:07:00.593605Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-23T17:58:59.586Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "InDesign",
"vendor": "Adobe",
"versions": [
{
"lessThanOrEqual": "16.4.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThanOrEqual": "17.2.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThanOrEqual": "None",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2022-07-12T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Adobe InDesign versions 17.2.1 (and earlier) and 16.4.1 (and earlier) are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "Heap-based Buffer Overflow (CWE-122)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-15T15:48:43.000Z",
"orgId": "078d4453-3bcd-4900-85e6-15281da43538",
"shortName": "adobe"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://helpx.adobe.com/security/products/indesign/apsb22-30.html"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Adobe InDesign Font Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@adobe.com",
"DATE_PUBLIC": "2022-07-12T23:00:00.000Z",
"ID": "CVE-2022-34245",
"STATE": "PUBLIC",
"TITLE": "Adobe InDesign Font Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "InDesign",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "16.4.1"
},
{
"version_affected": "\u003c=",
"version_value": "17.2.1"
},
{
"version_affected": "\u003c=",
"version_value": "None"
},
{
"version_affected": "\u003c=",
"version_value": "None"
}
]
}
}
]
},
"vendor_name": "Adobe"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Adobe InDesign versions 17.2.1 (and earlier) and 16.4.1 (and earlier) are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "Low",
"attackVector": "Local",
"availabilityImpact": "High",
"baseScore": 7.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Heap-based Buffer Overflow (CWE-122)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://helpx.adobe.com/security/products/indesign/apsb22-30.html",
"refsource": "MISC",
"url": "https://helpx.adobe.com/security/products/indesign/apsb22-30.html"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
"assignerShortName": "adobe",
"cveId": "CVE-2022-34245",
"datePublished": "2022-07-15T15:48:43.882Z",
"dateReserved": "2022-06-21T00:00:00.000Z",
"dateUpdated": "2025-04-23T17:58:59.586Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-24421 (GCVE-0-2020-24421)
Vulnerability from cvelistv5
Published
2020-10-21 21:28
Modified
2024-09-16 20:07
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-476 - NULL Pointer Dereference ()
Summary
Adobe InDesign version 15.1.2 (and earlier) is affected by a NULL pointer dereference bug that occurs when handling a malformed .indd file. The impact is limited to causing a denial-of-service of the client application. User interaction is required to exploit this issue.
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T15:12:08.957Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://helpx.adobe.com/security/products/indesign/apsb20-66.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "InDesign",
"vendor": "Adobe",
"versions": [
{
"lessThanOrEqual": "15.1.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThanOrEqual": "None",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2020-10-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Adobe InDesign version 15.1.2 (and earlier) is affected by a NULL pointer dereference bug that occurs when handling a malformed .indd file. The impact is limited to causing a denial-of-service of the client application. User interaction is required to exploit this issue."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "NULL Pointer Dereference (CWE-476)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-06-28T12:41:39",
"orgId": "078d4453-3bcd-4900-85e6-15281da43538",
"shortName": "adobe"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://helpx.adobe.com/security/products/indesign/apsb20-66.html"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Adobe InDesign 15.1.2 NULL Pointer Dereference Bug",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@adobe.com",
"DATE_PUBLIC": "2020-10-20T23:00:00.000Z",
"ID": "CVE-2020-24421",
"STATE": "PUBLIC",
"TITLE": "Adobe InDesign 15.1.2 NULL Pointer Dereference Bug"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "InDesign",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "15.1.2"
},
{
"version_affected": "\u003c=",
"version_value": "None"
},
{
"version_affected": "\u003c=",
"version_value": "None"
},
{
"version_affected": "\u003c=",
"version_value": "None"
}
]
}
}
]
},
"vendor_name": "Adobe"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Adobe InDesign version 15.1.2 (and earlier) is affected by a NULL pointer dereference bug that occurs when handling a malformed .indd file. The impact is limited to causing a denial-of-service of the client application. User interaction is required to exploit this issue."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "Low",
"attackVector": "Local",
"availabilityImpact": "High",
"baseScore": 5.5,
"baseSeverity": "Medium",
"confidentialityImpact": "None",
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"userInteraction": "Required",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "NULL Pointer Dereference (CWE-476)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://helpx.adobe.com/security/products/indesign/apsb20-66.html",
"refsource": "MISC",
"url": "https://helpx.adobe.com/security/products/indesign/apsb20-66.html"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
"assignerShortName": "adobe",
"cveId": "CVE-2020-24421",
"datePublished": "2020-10-21T21:28:07.197764Z",
"dateReserved": "2020-08-19T00:00:00",
"dateUpdated": "2024-09-16T20:07:07.527Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-29308 (GCVE-0-2023-29308)
Vulnerability from cvelistv5
Published
2023-07-12 15:56
Modified
2025-03-05 18:51
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-787 - Out-of-bounds Write ()
Summary
Adobe InDesign versions ID18.3 (and earlier) and ID17.4.1 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
References
| ► | URL | Tags |
|---|---|---|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T14:07:45.432Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://helpx.adobe.com/security/products/indesign/apsb23-38.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-29308",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-05T18:36:34.932658Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-05T18:51:35.998Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "InDesign",
"vendor": "Adobe",
"versions": [
{
"lessThanOrEqual": "ID18.3",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"datePublic": "2023-07-11T17:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Adobe InDesign versions ID18.3 (and earlier) and ID17.4.1 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 7.8,
"environmentalSeverity": "HIGH",
"exploitCodeMaturity": "NOT_DEFINED",
"integrityImpact": "HIGH",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "LOW",
"modifiedAttackVector": "LOCAL",
"modifiedAvailabilityImpact": "HIGH",
"modifiedConfidentialityImpact": "HIGH",
"modifiedIntegrityImpact": "HIGH",
"modifiedPrivilegesRequired": "NONE",
"modifiedScope": "NOT_DEFINED",
"modifiedUserInteraction": "REQUIRED",
"privilegesRequired": "NONE",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"scope": "UNCHANGED",
"temporalScore": 7.8,
"temporalSeverity": "HIGH",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "Out-of-bounds Write (CWE-787)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-07-12T15:56:53.091Z",
"orgId": "078d4453-3bcd-4900-85e6-15281da43538",
"shortName": "adobe"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://helpx.adobe.com/security/products/indesign/apsb23-38.html"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "[FG-VD-23-009] Adobe InDesign 2023 Arbitrary Code Execution Vulnerability Notification"
}
},
"cveMetadata": {
"assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
"assignerShortName": "adobe",
"cveId": "CVE-2023-29308",
"datePublished": "2023-07-12T15:56:53.091Z",
"dateReserved": "2023-04-04T20:46:42.579Z",
"dateUpdated": "2025-03-05T18:51:35.998Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-21590 (GCVE-0-2023-21590)
Vulnerability from cvelistv5
Published
2023-01-13 00:00
Modified
2025-03-05 19:35
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-787 - Out-of-bounds Write ()
Summary
Adobe InDesign version 18.0 (and earlier), 17.4 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
References
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T09:44:01.215Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://helpx.adobe.com/security/products/indesign/apsb23-07.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-21590",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-05T18:45:10.770217Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-05T19:35:17.136Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "InDesign",
"vendor": "Adobe",
"versions": [
{
"lessThanOrEqual": "18.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThanOrEqual": "17.4",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThanOrEqual": "None",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2023-01-10T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Adobe InDesign version 18.0 (and earlier), 17.4 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "Out-of-bounds Write (CWE-787)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-01-13T00:00:00.000Z",
"orgId": "078d4453-3bcd-4900-85e6-15281da43538",
"shortName": "adobe"
},
"references": [
{
"url": "https://helpx.adobe.com/security/products/indesign/apsb23-07.html"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Adobe InDesign Font Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
"assignerShortName": "adobe",
"cveId": "CVE-2023-21590",
"datePublished": "2023-01-13T00:00:00.000Z",
"dateReserved": "2022-12-01T00:00:00.000Z",
"dateUpdated": "2025-03-05T19:35:17.136Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-30663 (GCVE-0-2022-30663)
Vulnerability from cvelistv5
Published
2022-06-16 17:00
Modified
2025-04-23 18:10
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-787 - Out-of-bounds Write ()
Summary
Adobe InDesign versions 17.2.1 (and earlier) and 16.4.1 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T06:56:13.572Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://helpx.adobe.com/security/products/indesign/apsb22-30.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-30663",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-23T13:08:22.752220Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-23T18:10:36.512Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "InDesign",
"vendor": "Adobe",
"versions": [
{
"lessThanOrEqual": "16.4.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThanOrEqual": "17.2.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThanOrEqual": "None",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2022-06-14T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Adobe InDesign versions 17.2.1 (and earlier) and 16.4.1 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "Out-of-bounds Write (CWE-787)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-16T17:00:57.000Z",
"orgId": "078d4453-3bcd-4900-85e6-15281da43538",
"shortName": "adobe"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://helpx.adobe.com/security/products/indesign/apsb22-30.html"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Adobe InDesign SVG File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@adobe.com",
"DATE_PUBLIC": "2022-06-14T23:00:00.000Z",
"ID": "CVE-2022-30663",
"STATE": "PUBLIC",
"TITLE": "Adobe InDesign SVG File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "InDesign",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "16.4.1"
},
{
"version_affected": "\u003c=",
"version_value": "17.2.1"
},
{
"version_affected": "\u003c=",
"version_value": "None"
},
{
"version_affected": "\u003c=",
"version_value": "None"
}
]
}
}
]
},
"vendor_name": "Adobe"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Adobe InDesign versions 17.2.1 (and earlier) and 16.4.1 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "Low",
"attackVector": "Local",
"availabilityImpact": "High",
"baseScore": 7.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Out-of-bounds Write (CWE-787)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://helpx.adobe.com/security/products/indesign/apsb22-30.html",
"refsource": "MISC",
"url": "https://helpx.adobe.com/security/products/indesign/apsb22-30.html"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
"assignerShortName": "adobe",
"cveId": "CVE-2022-30663",
"datePublished": "2022-06-16T17:00:57.268Z",
"dateReserved": "2022-05-12T00:00:00.000Z",
"dateUpdated": "2025-04-23T18:10:36.512Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-21098 (GCVE-0-2021-21098)
Vulnerability from cvelistv5
Published
2021-06-28 13:42
Modified
2025-04-23 19:41
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-787 - Out-of-bounds Write ()
Summary
Adobe InDesign version 16.0 (and earlier) is affected by an Out-of-bounds Write vulnerability when parsing a crafted file. An unauthenticated attacker could leverage this vulnerability to achieve remote code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T18:01:13.278Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://helpx.adobe.com/security/products/indesign/apsb21-22.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-21098",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-23T13:19:05.295427Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-23T19:41:18.888Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "InDesign",
"vendor": "Adobe",
"versions": [
{
"lessThanOrEqual": "16.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThanOrEqual": "None",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2021-04-13T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Adobe InDesign version 16.0 (and earlier) is affected by an Out-of-bounds Write vulnerability when parsing a crafted file. An unauthenticated attacker could leverage this vulnerability to achieve remote code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "Out-of-bounds Write (CWE-787)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-06-28T13:42:06.000Z",
"orgId": "078d4453-3bcd-4900-85e6-15281da43538",
"shortName": "adobe"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://helpx.adobe.com/security/products/indesign/apsb21-22.html"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Adobe InDesign PCX file parsing out-of-bounds write vulnerability could lead to remote code execution",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@adobe.com",
"DATE_PUBLIC": "2021-04-13T23:00:00.000Z",
"ID": "CVE-2021-21098",
"STATE": "PUBLIC",
"TITLE": "Adobe InDesign PCX file parsing out-of-bounds write vulnerability could lead to remote code execution"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "InDesign",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "16.0"
},
{
"version_affected": "\u003c=",
"version_value": "None"
},
{
"version_affected": "\u003c=",
"version_value": "None"
},
{
"version_affected": "\u003c=",
"version_value": "None"
}
]
}
}
]
},
"vendor_name": "Adobe"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Adobe InDesign version 16.0 (and earlier) is affected by an Out-of-bounds Write vulnerability when parsing a crafted file. An unauthenticated attacker could leverage this vulnerability to achieve remote code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "Low",
"attackVector": "Network",
"availabilityImpact": "High",
"baseScore": 8.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"userInteraction": "Required",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Out-of-bounds Write (CWE-787)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://helpx.adobe.com/security/products/indesign/apsb21-22.html",
"refsource": "MISC",
"url": "https://helpx.adobe.com/security/products/indesign/apsb21-22.html"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
"assignerShortName": "adobe",
"cveId": "CVE-2021-21098",
"datePublished": "2021-06-28T13:42:06.752Z",
"dateReserved": "2020-12-18T00:00:00.000Z",
"dateUpdated": "2025-04-23T19:41:18.888Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-30665 (GCVE-0-2022-30665)
Vulnerability from cvelistv5
Published
2022-06-16 17:01
Modified
2025-04-23 18:10
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-787 - Out-of-bounds Write ()
Summary
Adobe InDesign versions 17.2.1 (and earlier) and 16.4.1 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T06:56:13.464Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://helpx.adobe.com/security/products/indesign/apsb22-30.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-30665",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-23T13:08:19.509184Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-23T18:10:29.443Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "InDesign",
"vendor": "Adobe",
"versions": [
{
"lessThanOrEqual": "16.4.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThanOrEqual": "17.2.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThanOrEqual": "None",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2022-06-14T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Adobe InDesign versions 17.2.1 (and earlier) and 16.4.1 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "Out-of-bounds Write (CWE-787)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-16T17:01:21.000Z",
"orgId": "078d4453-3bcd-4900-85e6-15281da43538",
"shortName": "adobe"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://helpx.adobe.com/security/products/indesign/apsb22-30.html"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Adobe InDesign Font Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@adobe.com",
"DATE_PUBLIC": "2022-06-14T23:00:00.000Z",
"ID": "CVE-2022-30665",
"STATE": "PUBLIC",
"TITLE": "Adobe InDesign Font Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "InDesign",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "16.4.1"
},
{
"version_affected": "\u003c=",
"version_value": "17.2.1"
},
{
"version_affected": "\u003c=",
"version_value": "None"
},
{
"version_affected": "\u003c=",
"version_value": "None"
}
]
}
}
]
},
"vendor_name": "Adobe"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Adobe InDesign versions 17.2.1 (and earlier) and 16.4.1 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "Low",
"attackVector": "Local",
"availabilityImpact": "High",
"baseScore": 7.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Out-of-bounds Write (CWE-787)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://helpx.adobe.com/security/products/indesign/apsb22-30.html",
"refsource": "MISC",
"url": "https://helpx.adobe.com/security/products/indesign/apsb22-30.html"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
"assignerShortName": "adobe",
"cveId": "CVE-2022-30665",
"datePublished": "2022-06-16T17:01:21.238Z",
"dateReserved": "2022-05-12T00:00:00.000Z",
"dateUpdated": "2025-04-23T18:10:29.443Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-29316 (GCVE-0-2023-29316)
Vulnerability from cvelistv5
Published
2023-07-12 15:56
Modified
2025-03-05 18:52
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-125 - Out-of-bounds Read ()
Summary
Adobe InDesign versions ID18.3 (and earlier) and ID17.4.1 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
References
| ► | URL | Tags |
|---|---|---|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T14:07:45.661Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://helpx.adobe.com/security/products/indesign/apsb23-38.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-29316",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-05T18:35:22.144812Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-05T18:52:39.187Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "InDesign",
"vendor": "Adobe",
"versions": [
{
"lessThanOrEqual": "ID18.3",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"datePublic": "2023-07-11T17:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Adobe InDesign versions ID18.3 (and earlier) and ID17.4.1 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 5.5,
"environmentalSeverity": "MEDIUM",
"exploitCodeMaturity": "NOT_DEFINED",
"integrityImpact": "NONE",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "LOW",
"modifiedAttackVector": "LOCAL",
"modifiedAvailabilityImpact": "NONE",
"modifiedConfidentialityImpact": "HIGH",
"modifiedIntegrityImpact": "NONE",
"modifiedPrivilegesRequired": "NONE",
"modifiedScope": "NOT_DEFINED",
"modifiedUserInteraction": "REQUIRED",
"privilegesRequired": "NONE",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"scope": "UNCHANGED",
"temporalScore": 5.5,
"temporalSeverity": "MEDIUM",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "Out-of-bounds Read (CWE-125)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-07-12T15:56:49.368Z",
"orgId": "078d4453-3bcd-4900-85e6-15281da43538",
"shortName": "adobe"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://helpx.adobe.com/security/products/indesign/apsb23-38.html"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "[FG-VD-23-012] Adobe InDesign 2023 Out-of-Bound Read Vulnerability IX Notification"
}
},
"cveMetadata": {
"assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
"assignerShortName": "adobe",
"cveId": "CVE-2023-29316",
"datePublished": "2023-07-12T15:56:49.368Z",
"dateReserved": "2023-04-04T20:46:42.581Z",
"dateUpdated": "2025-03-05T18:52:39.187Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-34247 (GCVE-0-2022-34247)
Vulnerability from cvelistv5
Published
2022-07-15 15:48
Modified
2025-04-23 17:58
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-787 - Out-of-bounds Write ()
Summary
Adobe InDesign versions 17.2.1 (and earlier) and 16.4.1 (and earlier) are affected by an Out-Of-Bounds Write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T09:07:14.398Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://helpx.adobe.com/security/products/indesign/apsb22-30.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-34247",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-23T13:06:57.584612Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-23T17:58:52.296Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "InDesign",
"vendor": "Adobe",
"versions": [
{
"lessThanOrEqual": "16.4.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThanOrEqual": "17.2.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThanOrEqual": "None",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2022-07-12T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Adobe InDesign versions 17.2.1 (and earlier) and 16.4.1 (and earlier) are affected by an Out-Of-Bounds Write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "Out-of-bounds Write (CWE-787)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-15T15:48:49.000Z",
"orgId": "078d4453-3bcd-4900-85e6-15281da43538",
"shortName": "adobe"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://helpx.adobe.com/security/products/indesign/apsb22-30.html"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Adobe InDesign Font Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@adobe.com",
"DATE_PUBLIC": "2022-07-12T23:00:00.000Z",
"ID": "CVE-2022-34247",
"STATE": "PUBLIC",
"TITLE": "Adobe InDesign Font Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "InDesign",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "16.4.1"
},
{
"version_affected": "\u003c=",
"version_value": "17.2.1"
},
{
"version_affected": "\u003c=",
"version_value": "None"
},
{
"version_affected": "\u003c=",
"version_value": "None"
}
]
}
}
]
},
"vendor_name": "Adobe"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Adobe InDesign versions 17.2.1 (and earlier) and 16.4.1 (and earlier) are affected by an Out-Of-Bounds Write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "Low",
"attackVector": "Local",
"availabilityImpact": "High",
"baseScore": 7.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Out-of-bounds Write (CWE-787)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://helpx.adobe.com/security/products/indesign/apsb22-30.html",
"refsource": "MISC",
"url": "https://helpx.adobe.com/security/products/indesign/apsb22-30.html"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
"assignerShortName": "adobe",
"cveId": "CVE-2022-34247",
"datePublished": "2022-07-15T15:48:49.374Z",
"dateReserved": "2022-06-21T00:00:00.000Z",
"dateUpdated": "2025-04-23T17:58:52.296Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-7107 (GCVE-0-2019-7107)
Vulnerability from cvelistv5
Published
2019-05-23 15:40
Modified
2024-08-04 20:38
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Unsafe Hyperlink Processing
Summary
Adobe InDesign versions 14.0.1 and below have an unsafe hyperlink processing vulnerability. Successful exploitation could lead to arbitrary code execution. Fixed in versions 13.1.1 and 14.0.2.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T20:38:33.207Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://helpx.adobe.com/security/products/indesign/apsb19-23.html"
},
{
"name": "107821",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/107821"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "InDesign",
"vendor": "Adobe",
"versions": [
{
"status": "affected",
"version": "14.0.1 and below"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Adobe InDesign versions 14.0.1 and below have an unsafe hyperlink processing vulnerability. Successful exploitation could lead to arbitrary code execution. Fixed in versions 13.1.1 and 14.0.2."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Unsafe Hyperlink Processing",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-07-09T15:03:54",
"orgId": "078d4453-3bcd-4900-85e6-15281da43538",
"shortName": "adobe"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://helpx.adobe.com/security/products/indesign/apsb19-23.html"
},
{
"name": "107821",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/107821"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@adobe.com",
"ID": "CVE-2019-7107",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "InDesign",
"version": {
"version_data": [
{
"version_value": "14.0.1 and below"
}
]
}
}
]
},
"vendor_name": "Adobe"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Adobe InDesign versions 14.0.1 and below have an unsafe hyperlink processing vulnerability. Successful exploitation could lead to arbitrary code execution. Fixed in versions 13.1.1 and 14.0.2."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Unsafe Hyperlink Processing"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://helpx.adobe.com/security/products/indesign/apsb19-23.html",
"refsource": "CONFIRM",
"url": "https://helpx.adobe.com/security/products/indesign/apsb19-23.html"
},
{
"name": "107821",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/107821"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
"assignerShortName": "adobe",
"cveId": "CVE-2019-7107",
"datePublished": "2019-05-23T15:40:57",
"dateReserved": "2019-01-28T00:00:00",
"dateUpdated": "2024-08-04T20:38:33.207Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-28854 (GCVE-0-2022-28854)
Vulnerability from cvelistv5
Published
2022-09-16 17:20
Modified
2025-04-23 17:07
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-125 - Out-of-bounds Read ()
Summary
Adobe InDesign versions 16.4.2 (and earlier) and 17.3 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T06:03:53.174Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://helpx.adobe.com/security/products/indesign/apsb22-50.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-28854",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-23T13:04:41.942614Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-23T17:07:20.753Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "InDesign",
"vendor": "Adobe",
"versions": [
{
"lessThanOrEqual": "16.4.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThanOrEqual": "17.3",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThanOrEqual": "None",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2022-09-13T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Adobe InDesign versions 16.4.2 (and earlier) and 17.3 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "Out-of-bounds Read (CWE-125)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-09-16T17:20:10.000Z",
"orgId": "078d4453-3bcd-4900-85e6-15281da43538",
"shortName": "adobe"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://helpx.adobe.com/security/products/indesign/apsb22-50.html"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Adobe InDesign 2022 Out-of-Bound Read Memory leak",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@adobe.com",
"DATE_PUBLIC": "2022-09-13T23:00:00.000Z",
"ID": "CVE-2022-28854",
"STATE": "PUBLIC",
"TITLE": "Adobe InDesign 2022 Out-of-Bound Read Memory leak"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "InDesign",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "16.4.2"
},
{
"version_affected": "\u003c=",
"version_value": "17.3"
},
{
"version_affected": "\u003c=",
"version_value": "None"
},
{
"version_affected": "\u003c=",
"version_value": "None"
}
]
}
}
]
},
"vendor_name": "Adobe"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Adobe InDesign versions 16.4.2 (and earlier) and 17.3 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "Low",
"attackVector": "Local",
"availabilityImpact": "None",
"baseScore": 5.5,
"baseSeverity": "Medium",
"confidentialityImpact": "High",
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"userInteraction": "Required",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Out-of-bounds Read (CWE-125)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://helpx.adobe.com/security/products/indesign/apsb22-50.html",
"refsource": "MISC",
"url": "https://helpx.adobe.com/security/products/indesign/apsb22-50.html"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
"assignerShortName": "adobe",
"cveId": "CVE-2022-28854",
"datePublished": "2022-09-16T17:20:10.927Z",
"dateReserved": "2022-04-08T00:00:00.000Z",
"dateUpdated": "2025-04-23T17:07:20.753Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-34246 (GCVE-0-2022-34246)
Vulnerability from cvelistv5
Published
2022-07-15 15:48
Modified
2025-04-23 17:59
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-122 - Heap-based Buffer Overflow ()
Summary
Adobe InDesign versions 17.2.1 (and earlier) and 16.4.1 (and earlier) are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T09:07:14.416Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://helpx.adobe.com/security/products/indesign/apsb22-30.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-34246",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-23T13:07:03.673698Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-23T17:59:05.474Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "InDesign",
"vendor": "Adobe",
"versions": [
{
"lessThanOrEqual": "16.4.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThanOrEqual": "17.2.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThanOrEqual": "None",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2022-07-12T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Adobe InDesign versions 17.2.1 (and earlier) and 16.4.1 (and earlier) are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "Heap-based Buffer Overflow (CWE-122)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-15T15:48:39.000Z",
"orgId": "078d4453-3bcd-4900-85e6-15281da43538",
"shortName": "adobe"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://helpx.adobe.com/security/products/indesign/apsb22-30.html"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Adobe InDesign Font Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@adobe.com",
"DATE_PUBLIC": "2022-07-12T23:00:00.000Z",
"ID": "CVE-2022-34246",
"STATE": "PUBLIC",
"TITLE": "Adobe InDesign Font Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "InDesign",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "16.4.1"
},
{
"version_affected": "\u003c=",
"version_value": "17.2.1"
},
{
"version_affected": "\u003c=",
"version_value": "None"
},
{
"version_affected": "\u003c=",
"version_value": "None"
}
]
}
}
]
},
"vendor_name": "Adobe"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Adobe InDesign versions 17.2.1 (and earlier) and 16.4.1 (and earlier) are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "Low",
"attackVector": "Local",
"availabilityImpact": "High",
"baseScore": 7.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Heap-based Buffer Overflow (CWE-122)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://helpx.adobe.com/security/products/indesign/apsb22-30.html",
"refsource": "MISC",
"url": "https://helpx.adobe.com/security/products/indesign/apsb22-30.html"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
"assignerShortName": "adobe",
"cveId": "CVE-2022-34246",
"datePublished": "2022-07-15T15:48:39.120Z",
"dateReserved": "2022-06-21T00:00:00.000Z",
"dateUpdated": "2025-04-23T17:59:05.474Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-29309 (GCVE-0-2023-29309)
Vulnerability from cvelistv5
Published
2023-07-12 15:56
Modified
2025-03-05 18:52
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-125 - Out-of-bounds Read ()
Summary
Adobe InDesign versions ID18.3 (and earlier) and ID17.4.1 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
References
| ► | URL | Tags |
|---|---|---|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T14:07:45.649Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://helpx.adobe.com/security/products/indesign/apsb23-38.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-29309",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-05T18:35:16.321627Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-05T18:52:18.474Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "InDesign",
"vendor": "Adobe",
"versions": [
{
"lessThanOrEqual": "ID18.3",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"datePublic": "2023-07-11T17:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Adobe InDesign versions ID18.3 (and earlier) and ID17.4.1 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 5.5,
"environmentalSeverity": "MEDIUM",
"exploitCodeMaturity": "NOT_DEFINED",
"integrityImpact": "NONE",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "LOW",
"modifiedAttackVector": "LOCAL",
"modifiedAvailabilityImpact": "NONE",
"modifiedConfidentialityImpact": "HIGH",
"modifiedIntegrityImpact": "NONE",
"modifiedPrivilegesRequired": "NONE",
"modifiedScope": "NOT_DEFINED",
"modifiedUserInteraction": "REQUIRED",
"privilegesRequired": "NONE",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"scope": "UNCHANGED",
"temporalScore": 5.5,
"temporalSeverity": "MEDIUM",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "Out-of-bounds Read (CWE-125)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-07-12T15:56:51.512Z",
"orgId": "078d4453-3bcd-4900-85e6-15281da43538",
"shortName": "adobe"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://helpx.adobe.com/security/products/indesign/apsb23-38.html"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "[FG-VD-23-003] Adobe InDesign 2023 Out-of-Bound Read Vulnerability Notification"
}
},
"cveMetadata": {
"assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
"assignerShortName": "adobe",
"cveId": "CVE-2023-29309",
"datePublished": "2023-07-12T15:56:51.512Z",
"dateReserved": "2023-04-04T20:46:42.579Z",
"dateUpdated": "2025-03-05T18:52:18.474Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-30675 (GCVE-0-2022-30675)
Vulnerability from cvelistv5
Published
2022-09-16 17:20
Modified
2025-04-23 17:06
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-125 - Out-of-bounds Read ()
Summary
Adobe InDesign versions 16.4.2 (and earlier) and 17.3 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T06:56:13.447Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://helpx.adobe.com/security/products/indesign/apsb22-50.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-30675",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-23T13:04:22.301104Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-23T17:06:31.024Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "InDesign",
"vendor": "Adobe",
"versions": [
{
"lessThanOrEqual": "16.4.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThanOrEqual": "17.3",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThanOrEqual": "None",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2022-09-13T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Adobe InDesign versions 16.4.2 (and earlier) and 17.3 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "Out-of-bounds Read (CWE-125)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-09-16T17:20:34.000Z",
"orgId": "078d4453-3bcd-4900-85e6-15281da43538",
"shortName": "adobe"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://helpx.adobe.com/security/products/indesign/apsb22-50.html"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Adobe InDesign 2022 Out-of-Bound Read Memory leak",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@adobe.com",
"DATE_PUBLIC": "2022-09-13T23:00:00.000Z",
"ID": "CVE-2022-30675",
"STATE": "PUBLIC",
"TITLE": "Adobe InDesign 2022 Out-of-Bound Read Memory leak"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "InDesign",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "16.4.2"
},
{
"version_affected": "\u003c=",
"version_value": "17.3"
},
{
"version_affected": "\u003c=",
"version_value": "None"
},
{
"version_affected": "\u003c=",
"version_value": "None"
}
]
}
}
]
},
"vendor_name": "Adobe"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Adobe InDesign versions 16.4.2 (and earlier) and 17.3 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "Low",
"attackVector": "Local",
"availabilityImpact": "None",
"baseScore": 5.5,
"baseSeverity": "Medium",
"confidentialityImpact": "High",
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"userInteraction": "Required",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Out-of-bounds Read (CWE-125)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://helpx.adobe.com/security/products/indesign/apsb22-50.html",
"refsource": "MISC",
"url": "https://helpx.adobe.com/security/products/indesign/apsb22-50.html"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
"assignerShortName": "adobe",
"cveId": "CVE-2022-30675",
"datePublished": "2022-09-16T17:20:34.298Z",
"dateReserved": "2022-05-12T00:00:00.000Z",
"dateUpdated": "2025-04-23T17:06:31.024Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-29311 (GCVE-0-2023-29311)
Vulnerability from cvelistv5
Published
2023-07-12 15:56
Modified
2025-03-05 18:51
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-125 - Out-of-bounds Read ()
Summary
Adobe InDesign versions ID18.3 (and earlier) and ID17.4.1 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
References
| ► | URL | Tags |
|---|---|---|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T14:07:45.866Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://helpx.adobe.com/security/products/indesign/apsb23-38.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-29311",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-05T18:35:04.588075Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-05T18:51:13.144Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "InDesign",
"vendor": "Adobe",
"versions": [
{
"lessThanOrEqual": "ID18.3",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"datePublic": "2023-07-11T17:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Adobe InDesign versions ID18.3 (and earlier) and ID17.4.1 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 5.5,
"environmentalSeverity": "MEDIUM",
"exploitCodeMaturity": "NOT_DEFINED",
"integrityImpact": "NONE",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "LOW",
"modifiedAttackVector": "LOCAL",
"modifiedAvailabilityImpact": "NONE",
"modifiedConfidentialityImpact": "HIGH",
"modifiedIntegrityImpact": "NONE",
"modifiedPrivilegesRequired": "NONE",
"modifiedScope": "NOT_DEFINED",
"modifiedUserInteraction": "REQUIRED",
"privilegesRequired": "NONE",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"scope": "UNCHANGED",
"temporalScore": 5.5,
"temporalSeverity": "MEDIUM",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "Out-of-bounds Read (CWE-125)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-07-12T15:56:55.577Z",
"orgId": "078d4453-3bcd-4900-85e6-15281da43538",
"shortName": "adobe"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://helpx.adobe.com/security/products/indesign/apsb23-38.html"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "[FG-VD-23-006] Adobe InDesign 2023 Out-of-Bound Read Vulnerability IV Notification"
}
},
"cveMetadata": {
"assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
"assignerShortName": "adobe",
"cveId": "CVE-2023-29311",
"datePublished": "2023-07-12T15:56:55.577Z",
"dateReserved": "2023-04-04T20:46:42.579Z",
"dateUpdated": "2025-03-05T18:51:13.144Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-30660 (GCVE-0-2022-30660)
Vulnerability from cvelistv5
Published
2022-06-16 16:59
Modified
2024-09-17 02:22
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-787 - Out-of-bounds Write ()
Summary
Adobe InDesign versions 17.2.1 (and earlier) and 16.4.1 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T06:56:13.469Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://helpx.adobe.com/security/products/indesign/apsb22-30.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "InDesign",
"vendor": "Adobe",
"versions": [
{
"lessThanOrEqual": "16.4.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThanOrEqual": "17.2.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThanOrEqual": "None",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Adobe InDesign versions 17.2.1 (and earlier) and 16.4.1 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "Out-of-bounds Write (CWE-787)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-16T16:59:47",
"orgId": "078d4453-3bcd-4900-85e6-15281da43538",
"shortName": "adobe"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://helpx.adobe.com/security/products/indesign/apsb22-30.html"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Adobe InDesign PDF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability",
"x_ConverterErrors": {
"DATE_PUBLIC": {
"error": "v4 DATE_PUBLIC is invalid",
"message": "(\u0027Unknown string format:\u0027, \u0027NoneT23:00:00.000Z\u0027)"
}
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@adobe.com",
"DATE_PUBLIC": "NoneT23:00:00.000Z",
"ID": "CVE-2022-30660",
"STATE": "PUBLIC",
"TITLE": "Adobe InDesign PDF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "InDesign",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "16.4.1"
},
{
"version_affected": "\u003c=",
"version_value": "17.2.1"
},
{
"version_affected": "\u003c=",
"version_value": "None"
},
{
"version_affected": "\u003c=",
"version_value": "None"
}
]
}
}
]
},
"vendor_name": "Adobe"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Adobe InDesign versions 17.2.1 (and earlier) and 16.4.1 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "Low",
"attackVector": "Local",
"availabilityImpact": "High",
"baseScore": 7.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Out-of-bounds Write (CWE-787)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://helpx.adobe.com/security/products/indesign/apsb22-30.html",
"refsource": "MISC",
"url": "https://helpx.adobe.com/security/products/indesign/apsb22-30.html"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
"assignerShortName": "adobe",
"cveId": "CVE-2022-30660",
"datePublished": "2022-06-16T16:59:47.617257Z",
"dateReserved": "2022-05-12T00:00:00",
"dateUpdated": "2024-09-17T02:22:04.136Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-28857 (GCVE-0-2022-28857)
Vulnerability from cvelistv5
Published
2022-09-16 17:20
Modified
2025-04-23 17:07
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-125 - Out-of-bounds Read ()
Summary
Adobe InDesign versions 16.4.2 (and earlier) and 17.3 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T06:03:53.171Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://helpx.adobe.com/security/products/indesign/apsb22-50.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-28857",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-23T13:04:36.129718Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-23T17:07:08.259Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "InDesign",
"vendor": "Adobe",
"versions": [
{
"lessThanOrEqual": "16.4.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThanOrEqual": "17.3",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThanOrEqual": "None",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2022-09-13T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Adobe InDesign versions 16.4.2 (and earlier) and 17.3 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "Out-of-bounds Read (CWE-125)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-09-16T17:20:17.000Z",
"orgId": "078d4453-3bcd-4900-85e6-15281da43538",
"shortName": "adobe"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://helpx.adobe.com/security/products/indesign/apsb22-50.html"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Adobe InDesign 2022 Out-of-Bound Read Memory leak",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@adobe.com",
"DATE_PUBLIC": "2022-09-13T23:00:00.000Z",
"ID": "CVE-2022-28857",
"STATE": "PUBLIC",
"TITLE": "Adobe InDesign 2022 Out-of-Bound Read Memory leak"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "InDesign",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "16.4.2"
},
{
"version_affected": "\u003c=",
"version_value": "17.3"
},
{
"version_affected": "\u003c=",
"version_value": "None"
},
{
"version_affected": "\u003c=",
"version_value": "None"
}
]
}
}
]
},
"vendor_name": "Adobe"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Adobe InDesign versions 16.4.2 (and earlier) and 17.3 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "Low",
"attackVector": "Local",
"availabilityImpact": "None",
"baseScore": 5.5,
"baseSeverity": "Medium",
"confidentialityImpact": "High",
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"userInteraction": "Required",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Out-of-bounds Read (CWE-125)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://helpx.adobe.com/security/products/indesign/apsb22-50.html",
"refsource": "MISC",
"url": "https://helpx.adobe.com/security/products/indesign/apsb22-50.html"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
"assignerShortName": "adobe",
"cveId": "CVE-2022-28857",
"datePublished": "2022-09-16T17:20:17.187Z",
"dateReserved": "2022-04-08T00:00:00.000Z",
"dateUpdated": "2025-04-23T17:07:08.259Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-30676 (GCVE-0-2022-30676)
Vulnerability from cvelistv5
Published
2022-09-16 17:20
Modified
2025-04-23 17:06
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-125 - Out-of-bounds Read ()
Summary
Adobe InDesign versions 16.4.2 (and earlier) and 17.3 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T06:56:13.516Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://helpx.adobe.com/security/products/indesign/apsb22-50.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-30676",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-23T13:04:18.894402Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-23T17:06:13.436Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "InDesign",
"vendor": "Adobe",
"versions": [
{
"lessThanOrEqual": "16.4.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThanOrEqual": "17.3",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThanOrEqual": "None",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2022-09-13T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Adobe InDesign versions 16.4.2 (and earlier) and 17.3 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "Out-of-bounds Read (CWE-125)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-09-16T17:20:42.000Z",
"orgId": "078d4453-3bcd-4900-85e6-15281da43538",
"shortName": "adobe"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://helpx.adobe.com/security/products/indesign/apsb22-50.html"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Adobe InDesign 2022 Out-of-Bound Read Memory leak",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@adobe.com",
"DATE_PUBLIC": "2022-09-13T23:00:00.000Z",
"ID": "CVE-2022-30676",
"STATE": "PUBLIC",
"TITLE": "Adobe InDesign 2022 Out-of-Bound Read Memory leak"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "InDesign",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "16.4.2"
},
{
"version_affected": "\u003c=",
"version_value": "17.3"
},
{
"version_affected": "\u003c=",
"version_value": "None"
},
{
"version_affected": "\u003c=",
"version_value": "None"
}
]
}
}
]
},
"vendor_name": "Adobe"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Adobe InDesign versions 16.4.2 (and earlier) and 17.3 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "Low",
"attackVector": "Local",
"availabilityImpact": "None",
"baseScore": 5.5,
"baseSeverity": "Medium",
"confidentialityImpact": "High",
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"userInteraction": "Required",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Out-of-bounds Read (CWE-125)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://helpx.adobe.com/security/products/indesign/apsb22-50.html",
"refsource": "MISC",
"url": "https://helpx.adobe.com/security/products/indesign/apsb22-50.html"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
"assignerShortName": "adobe",
"cveId": "CVE-2022-30676",
"datePublished": "2022-09-16T17:20:42.887Z",
"dateReserved": "2022-05-12T00:00:00.000Z",
"dateUpdated": "2025-04-23T17:06:13.436Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-39822 (GCVE-0-2021-39822)
Vulnerability from cvelistv5
Published
2023-07-20 06:23
Modified
2025-03-05 18:48
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-787 - Out-of-bounds Write ()
Summary
Adobe InDesign versions 16.3 (and earlier), and 16.3.1 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious BMP file.
References
| ► | URL | Tags |
|---|---|---|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T02:20:33.378Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://helpx.adobe.com/security/products/indesign/apsb21-73.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-39822",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-05T18:36:29.177722Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-05T18:48:29.280Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "InDesign",
"vendor": "Adobe",
"versions": [
{
"lessThanOrEqual": "16.3.2",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"datePublic": "2021-09-14T17:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Adobe InDesign versions 16.3 (and earlier), and 16.3.1 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious BMP file."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 7.8,
"environmentalSeverity": "HIGH",
"exploitCodeMaturity": "NOT_DEFINED",
"integrityImpact": "HIGH",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "LOW",
"modifiedAttackVector": "LOCAL",
"modifiedAvailabilityImpact": "HIGH",
"modifiedConfidentialityImpact": "HIGH",
"modifiedIntegrityImpact": "HIGH",
"modifiedPrivilegesRequired": "NONE",
"modifiedScope": "NOT_DEFINED",
"modifiedUserInteraction": "REQUIRED",
"privilegesRequired": "NONE",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"scope": "UNCHANGED",
"temporalScore": 7.8,
"temporalSeverity": "HIGH",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "Out-of-bounds Write (CWE-787)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-07-20T06:23:11.876Z",
"orgId": "078d4453-3bcd-4900-85e6-15281da43538",
"shortName": "adobe"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://helpx.adobe.com/security/products/indesign/apsb21-73.html"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Adobe InDesign BMP File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
"assignerShortName": "adobe",
"cveId": "CVE-2021-39822",
"datePublished": "2023-07-20T06:23:11.876Z",
"dateReserved": "2021-08-23T20:02:58.048Z",
"dateUpdated": "2025-03-05T18:48:29.280Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-38413 (GCVE-0-2022-38413)
Vulnerability from cvelistv5
Published
2022-09-16 17:20
Modified
2025-04-23 17:06
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-122 - Heap-based Buffer Overflow ()
Summary
Adobe InDesign versions 16.4.2 (and earlier) and 17.3 (and earlier) are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T10:54:03.679Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://helpx.adobe.com/security/products/indesign/apsb22-50.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-38413",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-23T13:04:56.704995Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-23T17:06:19.443Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "InDesign",
"vendor": "Adobe",
"versions": [
{
"lessThanOrEqual": "16.4.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThanOrEqual": "17.3",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThanOrEqual": "None",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2022-09-13T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Adobe InDesign versions 16.4.2 (and earlier) and 17.3 (and earlier) are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "Heap-based Buffer Overflow (CWE-122)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-09-16T17:20:39.000Z",
"orgId": "078d4453-3bcd-4900-85e6-15281da43538",
"shortName": "adobe"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://helpx.adobe.com/security/products/indesign/apsb22-50.html"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Adobe InDesign SVG File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@adobe.com",
"DATE_PUBLIC": "2022-09-13T23:00:00.000Z",
"ID": "CVE-2022-38413",
"STATE": "PUBLIC",
"TITLE": "Adobe InDesign SVG File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "InDesign",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "16.4.2"
},
{
"version_affected": "\u003c=",
"version_value": "17.3"
},
{
"version_affected": "\u003c=",
"version_value": "None"
},
{
"version_affected": "\u003c=",
"version_value": "None"
}
]
}
}
]
},
"vendor_name": "Adobe"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Adobe InDesign versions 16.4.2 (and earlier) and 17.3 (and earlier) are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "Low",
"attackVector": "Local",
"availabilityImpact": "High",
"baseScore": 7.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"userInteraction": "Required",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Heap-based Buffer Overflow (CWE-122)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://helpx.adobe.com/security/products/indesign/apsb22-50.html",
"refsource": "MISC",
"url": "https://helpx.adobe.com/security/products/indesign/apsb22-50.html"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
"assignerShortName": "adobe",
"cveId": "CVE-2022-38413",
"datePublished": "2022-09-16T17:20:40.005Z",
"dateReserved": "2022-08-18T00:00:00.000Z",
"dateUpdated": "2025-04-23T17:06:19.443Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-45058 (GCVE-0-2021-45058)
Vulnerability from cvelistv5
Published
2022-01-13 20:27
Modified
2025-04-23 19:12
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-787 - Out-of-bounds Write ()
Summary
Adobe InDesign version 16.4 (and earlier) is affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious JPEG file.
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T04:32:13.662Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://helpx.adobe.com/security/products/indesign/apsb22-05.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-45058",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-23T13:14:00.461393Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-23T19:12:39.558Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "InDesign",
"vendor": "Adobe",
"versions": [
{
"lessThanOrEqual": "16.4",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThanOrEqual": "None",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2022-01-11T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Adobe InDesign version 16.4 (and earlier) is affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious JPEG file."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "Out-of-bounds Write (CWE-787)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-01-13T20:27:36.000Z",
"orgId": "078d4453-3bcd-4900-85e6-15281da43538",
"shortName": "adobe"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://helpx.adobe.com/security/products/indesign/apsb22-05.html"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Adobe InDesign JPEG File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@adobe.com",
"DATE_PUBLIC": "2022-01-11T23:00:00.000Z",
"ID": "CVE-2021-45058",
"STATE": "PUBLIC",
"TITLE": "Adobe InDesign JPEG File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "InDesign",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "16.4"
},
{
"version_affected": "\u003c=",
"version_value": "None"
},
{
"version_affected": "\u003c=",
"version_value": "None"
},
{
"version_affected": "\u003c=",
"version_value": "None"
}
]
}
}
]
},
"vendor_name": "Adobe"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Adobe InDesign version 16.4 (and earlier) is affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious JPEG file."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "Low",
"attackVector": "Local",
"availabilityImpact": "High",
"baseScore": 7.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Out-of-bounds Write (CWE-787)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://helpx.adobe.com/security/products/indesign/apsb22-05.html",
"refsource": "MISC",
"url": "https://helpx.adobe.com/security/products/indesign/apsb22-05.html"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
"assignerShortName": "adobe",
"cveId": "CVE-2021-45058",
"datePublished": "2022-01-13T20:27:36.330Z",
"dateReserved": "2021-12-14T00:00:00.000Z",
"dateUpdated": "2025-04-23T19:12:39.558Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-42731 (GCVE-0-2021-42731)
Vulnerability from cvelistv5
Published
2021-11-16 21:10
Modified
2025-04-23 19:22
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-120 - Buffer Overflow ()
Summary
Adobe InDesign versions 16.4 (and earlier) are affected by a Buffer Overflow vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T03:38:50.133Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://helpx.adobe.com/security/products/indesign/apsb21-107.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-42731",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-23T13:16:06.796468Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-23T19:22:38.379Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "InDesign",
"vendor": "Adobe",
"versions": [
{
"lessThanOrEqual": "16.4",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThanOrEqual": "None",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2021-10-26T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Adobe InDesign versions 16.4 (and earlier) are affected by a Buffer Overflow vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "Buffer Overflow (CWE-120)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-11-16T21:10:21.000Z",
"orgId": "078d4453-3bcd-4900-85e6-15281da43538",
"shortName": "adobe"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://helpx.adobe.com/security/products/indesign/apsb21-107.html"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Adobe Indesign Buffer Overflow Could Lead to Remote Code Execution",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@adobe.com",
"DATE_PUBLIC": "2021-10-26T23:00:00.000Z",
"ID": "CVE-2021-42731",
"STATE": "PUBLIC",
"TITLE": "Adobe Indesign Buffer Overflow Could Lead to Remote Code Execution"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "InDesign",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "16.4"
},
{
"version_affected": "\u003c=",
"version_value": "None"
},
{
"version_affected": "\u003c=",
"version_value": "None"
},
{
"version_affected": "\u003c=",
"version_value": "None"
}
]
}
}
]
},
"vendor_name": "Adobe"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Adobe InDesign versions 16.4 (and earlier) are affected by a Buffer Overflow vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "Low",
"attackVector": "Local",
"availabilityImpact": "High",
"baseScore": 7.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"userInteraction": "Required",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Buffer Overflow (CWE-120)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://helpx.adobe.com/security/products/indesign/apsb21-107.html",
"refsource": "MISC",
"url": "https://helpx.adobe.com/security/products/indesign/apsb21-107.html"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
"assignerShortName": "adobe",
"cveId": "CVE-2021-42731",
"datePublished": "2021-11-16T21:10:21.896Z",
"dateReserved": "2021-10-19T00:00:00.000Z",
"dateUpdated": "2025-04-23T19:22:38.379Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-21591 (GCVE-0-2023-21591)
Vulnerability from cvelistv5
Published
2023-01-13 00:00
Modified
2025-03-05 19:35
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-125 - Out-of-bounds Read ()
Summary
Adobe InDesign version 18.0 (and earlier), 17.4 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
References
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T09:44:01.178Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://helpx.adobe.com/security/products/indesign/apsb23-07.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-21591",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-05T18:41:44.144715Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-05T19:35:06.773Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "InDesign",
"vendor": "Adobe",
"versions": [
{
"lessThanOrEqual": "18.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThanOrEqual": "17.4",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThanOrEqual": "None",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2023-01-10T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Adobe InDesign version 18.0 (and earlier), 17.4 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "Out-of-bounds Read (CWE-125)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-01-13T00:00:00.000Z",
"orgId": "078d4453-3bcd-4900-85e6-15281da43538",
"shortName": "adobe"
},
"references": [
{
"url": "https://helpx.adobe.com/security/products/indesign/apsb23-07.html"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Adobe InDesign Font Parsing Out-Of-Bounds Read Information Disclosure Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
"assignerShortName": "adobe",
"cveId": "CVE-2023-21591",
"datePublished": "2023-01-13T00:00:00.000Z",
"dateReserved": "2022-12-01T00:00:00.000Z",
"dateUpdated": "2025-03-05T19:35:06.773Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-21592 (GCVE-0-2023-21592)
Vulnerability from cvelistv5
Published
2023-01-13 00:00
Modified
2025-03-05 19:34
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-125 - Out-of-bounds Read ()
Summary
Adobe InDesign version 18.0 (and earlier), 17.4 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
References
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T09:44:01.233Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://helpx.adobe.com/security/products/indesign/apsb23-07.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-21592",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-05T18:41:41.169586Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-05T19:34:58.259Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "InDesign",
"vendor": "Adobe",
"versions": [
{
"lessThanOrEqual": "18.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThanOrEqual": "17.4",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThanOrEqual": "None",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2023-01-10T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Adobe InDesign version 18.0 (and earlier), 17.4 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "Out-of-bounds Read (CWE-125)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-01-13T00:00:00.000Z",
"orgId": "078d4453-3bcd-4900-85e6-15281da43538",
"shortName": "adobe"
},
"references": [
{
"url": "https://helpx.adobe.com/security/products/indesign/apsb23-07.html"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Adobe InDesign Font Parsing Out-Of-Bounds Read Information Disclosure Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
"assignerShortName": "adobe",
"cveId": "CVE-2023-21592",
"datePublished": "2023-01-13T00:00:00.000Z",
"dateReserved": "2022-12-01T00:00:00.000Z",
"dateUpdated": "2025-03-05T19:34:58.259Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-29319 (GCVE-0-2023-29319)
Vulnerability from cvelistv5
Published
2023-07-12 15:56
Modified
2025-03-05 18:53
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-125 - Out-of-bounds Read ()
Summary
Adobe InDesign versions ID18.3 (and earlier) and ID17.4.1 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
References
| ► | URL | Tags |
|---|---|---|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T14:07:45.515Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://helpx.adobe.com/security/products/indesign/apsb23-38.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-29319",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-05T18:35:30.329017Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-05T18:53:08.938Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "InDesign",
"vendor": "Adobe",
"versions": [
{
"lessThanOrEqual": "ID18.3",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"datePublic": "2023-07-11T17:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Adobe InDesign versions ID18.3 (and earlier) and ID17.4.1 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 5.5,
"environmentalSeverity": "MEDIUM",
"exploitCodeMaturity": "NOT_DEFINED",
"integrityImpact": "NONE",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "LOW",
"modifiedAttackVector": "LOCAL",
"modifiedAvailabilityImpact": "NONE",
"modifiedConfidentialityImpact": "HIGH",
"modifiedIntegrityImpact": "NONE",
"modifiedPrivilegesRequired": "NONE",
"modifiedScope": "NOT_DEFINED",
"modifiedUserInteraction": "REQUIRED",
"privilegesRequired": "NONE",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"scope": "UNCHANGED",
"temporalScore": 5.5,
"temporalSeverity": "MEDIUM",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "Out-of-bounds Read (CWE-125)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-07-12T15:56:46.502Z",
"orgId": "078d4453-3bcd-4900-85e6-15281da43538",
"shortName": "adobe"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://helpx.adobe.com/security/products/indesign/apsb23-38.html"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "[FG-VD-23-010] Adobe InDesign 2023 Out-of-Bound Read Vulnerability VII Notification"
}
},
"cveMetadata": {
"assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
"assignerShortName": "adobe",
"cveId": "CVE-2023-29319",
"datePublished": "2023-07-12T15:56:46.502Z",
"dateReserved": "2023-04-04T20:46:42.583Z",
"dateUpdated": "2025-03-05T18:53:08.938Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-29318 (GCVE-0-2023-29318)
Vulnerability from cvelistv5
Published
2023-07-12 15:56
Modified
2025-03-05 18:51
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-125 - Out-of-bounds Read ()
Summary
Adobe InDesign versions ID18.3 (and earlier) and ID17.4.1 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
References
| ► | URL | Tags |
|---|---|---|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T14:07:45.459Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://helpx.adobe.com/security/products/indesign/apsb23-38.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-29318",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-05T18:35:13.599090Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-05T18:51:44.761Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "InDesign",
"vendor": "Adobe",
"versions": [
{
"lessThanOrEqual": "ID18.3",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"datePublic": "2023-07-11T17:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Adobe InDesign versions ID18.3 (and earlier) and ID17.4.1 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 5.5,
"environmentalSeverity": "MEDIUM",
"exploitCodeMaturity": "NOT_DEFINED",
"integrityImpact": "NONE",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "LOW",
"modifiedAttackVector": "LOCAL",
"modifiedAvailabilityImpact": "NONE",
"modifiedConfidentialityImpact": "HIGH",
"modifiedIntegrityImpact": "NONE",
"modifiedPrivilegesRequired": "NONE",
"modifiedScope": "NOT_DEFINED",
"modifiedUserInteraction": "REQUIRED",
"privilegesRequired": "NONE",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"scope": "UNCHANGED",
"temporalScore": 5.5,
"temporalSeverity": "MEDIUM",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "Out-of-bounds Read (CWE-125)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-07-12T15:56:52.301Z",
"orgId": "078d4453-3bcd-4900-85e6-15281da43538",
"shortName": "adobe"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://helpx.adobe.com/security/products/indesign/apsb23-38.html"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "[FG-VD-23-011] Adobe InDesign 2023 Out-of-Bound Read Vulnerability VIII Notification"
}
},
"cveMetadata": {
"assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
"assignerShortName": "adobe",
"cveId": "CVE-2023-29318",
"datePublished": "2023-07-12T15:56:52.301Z",
"dateReserved": "2023-04-04T20:46:42.582Z",
"dateUpdated": "2025-03-05T18:51:44.761Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-36004 (GCVE-0-2021-36004)
Vulnerability from cvelistv5
Published
2021-07-27 12:09
Modified
2024-09-17 04:00
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-787 - Out-of-bounds Write ()
Summary
Adobe InDesign version 16.0 (and earlier) is affected by an Out-of-bounds Write vulnerability in the CoolType library. An unauthenticated attacker could leverage this vulnerability to achieve remote code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T00:47:43.198Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://helpx.adobe.com/security/products/indesign/apsb21-22.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "InDesign",
"vendor": "Adobe",
"versions": [
{
"lessThanOrEqual": "16.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThanOrEqual": "None",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Adobe InDesign version 16.0 (and earlier) is affected by an Out-of-bounds Write vulnerability in the CoolType library. An unauthenticated attacker could leverage this vulnerability to achieve remote code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "Out-of-bounds Write (CWE-787)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-07-27T12:09:26",
"orgId": "078d4453-3bcd-4900-85e6-15281da43538",
"shortName": "adobe"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://helpx.adobe.com/security/products/indesign/apsb21-22.html"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Adobe InDesign CoolType out of bounds write vulnerability could lead to arbitrary stack manipulation",
"x_ConverterErrors": {
"DATE_PUBLIC": {
"error": "v4 DATE_PUBLIC is invalid",
"message": "(\u0027Unknown string format:\u0027, \u0027NoneT23:00:00.000Z\u0027)"
}
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@adobe.com",
"DATE_PUBLIC": "NoneT23:00:00.000Z",
"ID": "CVE-2021-36004",
"STATE": "PUBLIC",
"TITLE": "Adobe InDesign CoolType out of bounds write vulnerability could lead to arbitrary stack manipulation"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "InDesign",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "16.0"
},
{
"version_affected": "\u003c=",
"version_value": "None"
},
{
"version_affected": "\u003c=",
"version_value": "None"
},
{
"version_affected": "\u003c=",
"version_value": "None"
}
]
}
}
]
},
"vendor_name": "Adobe"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Adobe InDesign version 16.0 (and earlier) is affected by an Out-of-bounds Write vulnerability in the CoolType library. An unauthenticated attacker could leverage this vulnerability to achieve remote code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "Low",
"attackVector": "Network",
"availabilityImpact": "High",
"baseScore": 8.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"userInteraction": "Required",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Out-of-bounds Write (CWE-787)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://helpx.adobe.com/security/products/indesign/apsb21-22.html",
"refsource": "MISC",
"url": "https://helpx.adobe.com/security/products/indesign/apsb21-22.html"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
"assignerShortName": "adobe",
"cveId": "CVE-2021-36004",
"datePublished": "2021-07-27T12:09:26.194198Z",
"dateReserved": "2021-06-30T00:00:00",
"dateUpdated": "2024-09-17T04:00:01.845Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-28852 (GCVE-0-2022-28852)
Vulnerability from cvelistv5
Published
2022-09-16 17:20
Modified
2025-04-23 17:07
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-787 - Out-of-bounds Write ()
Summary
Adobe InDesign versions 16.4.2 (and earlier) and 17.3 (and earlier) are affected by by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T06:03:53.162Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://helpx.adobe.com/security/products/indesign/apsb22-50.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-28852",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-23T13:05:06.394786Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-23T17:07:32.015Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "InDesign",
"vendor": "Adobe",
"versions": [
{
"lessThanOrEqual": "16.4.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThanOrEqual": "17.3",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThanOrEqual": "None",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2022-09-13T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Adobe InDesign versions 16.4.2 (and earlier) and 17.3 (and earlier) are affected by by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "Out-of-bounds Write (CWE-787)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-09-16T17:20:05.000Z",
"orgId": "078d4453-3bcd-4900-85e6-15281da43538",
"shortName": "adobe"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://helpx.adobe.com/security/products/indesign/apsb22-50.html"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Adobe InDesign 2022 Out-of-Bound Write Arbitrary code execution",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@adobe.com",
"DATE_PUBLIC": "2022-09-13T23:00:00.000Z",
"ID": "CVE-2022-28852",
"STATE": "PUBLIC",
"TITLE": "Adobe InDesign 2022 Out-of-Bound Write Arbitrary code execution"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "InDesign",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "16.4.2"
},
{
"version_affected": "\u003c=",
"version_value": "17.3"
},
{
"version_affected": "\u003c=",
"version_value": "None"
},
{
"version_affected": "\u003c=",
"version_value": "None"
}
]
}
}
]
},
"vendor_name": "Adobe"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Adobe InDesign versions 16.4.2 (and earlier) and 17.3 (and earlier) are affected by by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "Low",
"attackVector": "Local",
"availabilityImpact": "High",
"baseScore": 7.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"userInteraction": "Required",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Out-of-bounds Write (CWE-787)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://helpx.adobe.com/security/products/indesign/apsb22-50.html",
"refsource": "MISC",
"url": "https://helpx.adobe.com/security/products/indesign/apsb22-50.html"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
"assignerShortName": "adobe",
"cveId": "CVE-2022-28852",
"datePublished": "2022-09-16T17:20:05.656Z",
"dateReserved": "2022-04-08T00:00:00.000Z",
"dateUpdated": "2025-04-23T17:07:32.015Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-21099 (GCVE-0-2021-21099)
Vulnerability from cvelistv5
Published
2021-06-28 13:42
Modified
2025-04-23 19:41
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-787 - Out-of-bounds Write ()
Summary
Adobe InDesign version 16.0 (and earlier) is affected by an Out-of-bounds Write vulnerability when parsing a crafted file. An unauthenticated attacker could leverage this vulnerability to achieve remote code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T18:01:13.340Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://helpx.adobe.com/security/products/indesign/apsb21-22.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-21099",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-23T13:19:02.563007Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-23T19:41:09.028Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "InDesign",
"vendor": "Adobe",
"versions": [
{
"lessThanOrEqual": "16.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThanOrEqual": "None",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2021-04-13T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Adobe InDesign version 16.0 (and earlier) is affected by an Out-of-bounds Write vulnerability when parsing a crafted file. An unauthenticated attacker could leverage this vulnerability to achieve remote code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "Out-of-bounds Write (CWE-787)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-06-28T13:42:22.000Z",
"orgId": "078d4453-3bcd-4900-85e6-15281da43538",
"shortName": "adobe"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://helpx.adobe.com/security/products/indesign/apsb21-22.html"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Adobe InDesign PCX file parsing out-of-bounds write vulnerability could lead to remote code execution",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@adobe.com",
"DATE_PUBLIC": "2021-04-13T23:00:00.000Z",
"ID": "CVE-2021-21099",
"STATE": "PUBLIC",
"TITLE": "Adobe InDesign PCX file parsing out-of-bounds write vulnerability could lead to remote code execution"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "InDesign",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "16.0"
},
{
"version_affected": "\u003c=",
"version_value": "None"
},
{
"version_affected": "\u003c=",
"version_value": "None"
},
{
"version_affected": "\u003c=",
"version_value": "None"
}
]
}
}
]
},
"vendor_name": "Adobe"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Adobe InDesign version 16.0 (and earlier) is affected by an Out-of-bounds Write vulnerability when parsing a crafted file. An unauthenticated attacker could leverage this vulnerability to achieve remote code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "Low",
"attackVector": "Network",
"availabilityImpact": "High",
"baseScore": 8.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"userInteraction": "Required",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Out-of-bounds Write (CWE-787)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://helpx.adobe.com/security/products/indesign/apsb21-22.html",
"refsource": "MISC",
"url": "https://helpx.adobe.com/security/products/indesign/apsb21-22.html"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
"assignerShortName": "adobe",
"cveId": "CVE-2021-21099",
"datePublished": "2021-06-28T13:42:22.609Z",
"dateReserved": "2020-12-18T00:00:00.000Z",
"dateUpdated": "2025-04-23T19:41:09.028Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-40727 (GCVE-0-2021-40727)
Vulnerability from cvelistv5
Published
2022-06-15 16:56
Modified
2025-04-23 18:15
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-788 - Access of Memory Location After End of Buffer ()
Summary
Access of Memory Location After End of Buffer (CWE-788
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T02:51:07.061Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://helpx.adobe.com/security/products/indesign/apsb21-73.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-40727",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-23T13:09:49.181377Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-23T18:15:01.068Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "InDesign",
"vendor": "Adobe",
"versions": [
{
"lessThanOrEqual": "None",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2021-09-14T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Access of Memory Location After End of Buffer (CWE-788"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-788",
"description": "Access of Memory Location After End of Buffer (CWE-788)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-15T16:56:50.000Z",
"orgId": "078d4453-3bcd-4900-85e6-15281da43538",
"shortName": "adobe"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://helpx.adobe.com/security/products/indesign/apsb21-73.html"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Adobe InDesign crashes when parsing the TIF file",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@adobe.com",
"DATE_PUBLIC": "2021-09-14T23:00:00.000Z",
"ID": "CVE-2021-40727",
"STATE": "PUBLIC",
"TITLE": "Adobe InDesign crashes when parsing the TIF file"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "InDesign",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "None"
},
{
"version_affected": "\u003c=",
"version_value": "None"
},
{
"version_affected": "\u003c=",
"version_value": "None"
},
{
"version_affected": "\u003c=",
"version_value": "None"
}
]
}
}
]
},
"vendor_name": "Adobe"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Access of Memory Location After End of Buffer (CWE-788"
}
]
},
"impact": {
"cvss": {
"attackComplexity": "Low",
"attackVector": "Local",
"availabilityImpact": "High",
"baseScore": 7.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"userInteraction": "Required",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Access of Memory Location After End of Buffer (CWE-788)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://helpx.adobe.com/security/products/indesign/apsb21-73.html",
"refsource": "MISC",
"url": "https://helpx.adobe.com/security/products/indesign/apsb21-73.html"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
"assignerShortName": "adobe",
"cveId": "CVE-2021-40727",
"datePublished": "2022-06-15T16:56:50.320Z",
"dateReserved": "2021-09-08T00:00:00.000Z",
"dateUpdated": "2025-04-23T18:15:01.068Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-38416 (GCVE-0-2022-38416)
Vulnerability from cvelistv5
Published
2022-09-16 17:20
Modified
2025-04-23 17:06
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-125 - Out-of-bounds Read ()
Summary
Adobe InDesign versions 16.4.2 (and earlier) and 17.3 (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T10:54:03.461Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://helpx.adobe.com/security/products/indesign/apsb22-50.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-38416",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-23T13:04:53.535091Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-23T17:06:07.146Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "InDesign",
"vendor": "Adobe",
"versions": [
{
"lessThanOrEqual": "16.4.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThanOrEqual": "17.3",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThanOrEqual": "None",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2022-09-13T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Adobe InDesign versions 16.4.2 (and earlier) and 17.3 (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "Out-of-bounds Read (CWE-125)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-09-16T17:20:45.000Z",
"orgId": "078d4453-3bcd-4900-85e6-15281da43538",
"shortName": "adobe"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://helpx.adobe.com/security/products/indesign/apsb22-50.html"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Adobe InDesign SVG File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@adobe.com",
"DATE_PUBLIC": "2022-09-13T23:00:00.000Z",
"ID": "CVE-2022-38416",
"STATE": "PUBLIC",
"TITLE": "Adobe InDesign SVG File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "InDesign",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "16.4.2"
},
{
"version_affected": "\u003c=",
"version_value": "17.3"
},
{
"version_affected": "\u003c=",
"version_value": "None"
},
{
"version_affected": "\u003c=",
"version_value": "None"
}
]
}
}
]
},
"vendor_name": "Adobe"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Adobe InDesign versions 16.4.2 (and earlier) and 17.3 (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "Low",
"attackVector": "Local",
"availabilityImpact": "High",
"baseScore": 7.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"userInteraction": "Required",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Out-of-bounds Read (CWE-125)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://helpx.adobe.com/security/products/indesign/apsb22-50.html",
"refsource": "MISC",
"url": "https://helpx.adobe.com/security/products/indesign/apsb22-50.html"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
"assignerShortName": "adobe",
"cveId": "CVE-2022-38416",
"datePublished": "2022-09-16T17:20:45.452Z",
"dateReserved": "2022-08-18T00:00:00.000Z",
"dateUpdated": "2025-04-23T17:06:07.146Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-9731 (GCVE-0-2020-9731)
Vulnerability from cvelistv5
Published
2020-09-10 18:29
Modified
2024-09-17 04:09
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-788 - Access of Memory Location After End of Buffer ()
Summary
A memory corruption vulnerability exists in InDesign 15.1.1 (and earlier versions). Insecure handling of a malicious indd file could be abused to cause an out-of-bounds memory access, potentially resulting in code execution in the context of the current user.
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T10:43:04.401Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://helpx.adobe.com/security/products/indesign/apsb20-52.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "InDesign",
"vendor": "Adobe",
"versions": [
{
"lessThanOrEqual": "15.1.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThanOrEqual": "None",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2020-09-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A memory corruption vulnerability exists in InDesign 15.1.1 (and earlier versions). Insecure handling of a malicious indd file could be abused to cause an out-of-bounds memory access, potentially resulting in code execution in the context of the current user."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-788",
"description": "Access of Memory Location After End of Buffer (CWE-788)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-09-10T18:29:05",
"orgId": "078d4453-3bcd-4900-85e6-15281da43538",
"shortName": "adobe"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://helpx.adobe.com/security/products/indesign/apsb20-52.html"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Out-of-bounds memory access could lead to code execution",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@adobe.com",
"DATE_PUBLIC": "2020-09-08T23:00:00.000Z",
"ID": "CVE-2020-9731",
"STATE": "PUBLIC",
"TITLE": "Out-of-bounds memory access could lead to code execution"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "InDesign",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "15.1.1"
},
{
"version_affected": "\u003c=",
"version_value": "None"
},
{
"version_affected": "\u003c=",
"version_value": "None"
},
{
"version_affected": "\u003c=",
"version_value": "None"
}
]
}
}
]
},
"vendor_name": "Adobe"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A memory corruption vulnerability exists in InDesign 15.1.1 (and earlier versions). Insecure handling of a malicious indd file could be abused to cause an out-of-bounds memory access, potentially resulting in code execution in the context of the current user."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "Low",
"attackVector": "Local",
"availabilityImpact": "High",
"baseScore": 7.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"userInteraction": "Required",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Access of Memory Location After End of Buffer (CWE-788)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://helpx.adobe.com/security/products/indesign/apsb20-52.html",
"refsource": "MISC",
"url": "https://helpx.adobe.com/security/products/indesign/apsb20-52.html"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
"assignerShortName": "adobe",
"cveId": "CVE-2020-9731",
"datePublished": "2020-09-10T18:29:05.173886Z",
"dateReserved": "2020-03-02T00:00:00",
"dateUpdated": "2024-09-17T04:09:16.965Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-28855 (GCVE-0-2022-28855)
Vulnerability from cvelistv5
Published
2022-09-16 17:20
Modified
2025-04-23 17:07
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-125 - Out-of-bounds Read ()
Summary
Adobe InDesign versions 16.4.2 (and earlier) and 17.3 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T06:03:53.170Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://helpx.adobe.com/security/products/indesign/apsb22-50.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-28855",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-23T13:04:33.327656Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-23T17:07:02.265Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "InDesign",
"vendor": "Adobe",
"versions": [
{
"lessThanOrEqual": "16.4.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThanOrEqual": "17.3",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThanOrEqual": "None",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2022-09-13T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Adobe InDesign versions 16.4.2 (and earlier) and 17.3 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "Out-of-bounds Read (CWE-125)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-09-16T17:20:20.000Z",
"orgId": "078d4453-3bcd-4900-85e6-15281da43538",
"shortName": "adobe"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://helpx.adobe.com/security/products/indesign/apsb22-50.html"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Adobe InDesign 2022 Out-of-Bound Read Memory leak",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@adobe.com",
"DATE_PUBLIC": "2022-09-13T23:00:00.000Z",
"ID": "CVE-2022-28855",
"STATE": "PUBLIC",
"TITLE": "Adobe InDesign 2022 Out-of-Bound Read Memory leak"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "InDesign",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "16.4.2"
},
{
"version_affected": "\u003c=",
"version_value": "17.3"
},
{
"version_affected": "\u003c=",
"version_value": "None"
},
{
"version_affected": "\u003c=",
"version_value": "None"
}
]
}
}
]
},
"vendor_name": "Adobe"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Adobe InDesign versions 16.4.2 (and earlier) and 17.3 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "Low",
"attackVector": "Local",
"availabilityImpact": "None",
"baseScore": 5.5,
"baseSeverity": "Medium",
"confidentialityImpact": "High",
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"userInteraction": "Required",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Out-of-bounds Read (CWE-125)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://helpx.adobe.com/security/products/indesign/apsb22-50.html",
"refsource": "MISC",
"url": "https://helpx.adobe.com/security/products/indesign/apsb22-50.html"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
"assignerShortName": "adobe",
"cveId": "CVE-2022-28855",
"datePublished": "2022-09-16T17:20:20.073Z",
"dateReserved": "2022-04-08T00:00:00.000Z",
"dateUpdated": "2025-04-23T17:07:02.265Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-42732 (GCVE-0-2021-42732)
Vulnerability from cvelistv5
Published
2022-06-15 16:57
Modified
2024-09-16 19:55
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-788 - Access of Memory Location After End of Buffer ()
Summary
Access of Memory Location After End of Buffer (CWE-788)
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T03:38:50.143Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://helpx.adobe.com/security/products/indesign/apsb21-73.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "InDesign",
"vendor": "Adobe",
"versions": [
{
"lessThanOrEqual": "None",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2021-10-26T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Access of Memory Location After End of Buffer (CWE-788)"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-788",
"description": "Access of Memory Location After End of Buffer (CWE-788)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-15T16:57:54",
"orgId": "078d4453-3bcd-4900-85e6-15281da43538",
"shortName": "adobe"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://helpx.adobe.com/security/products/indesign/apsb21-73.html"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Adobe InDesign crashes when parsing the GIF file",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@adobe.com",
"DATE_PUBLIC": "2021-10-26T23:00:00.000Z",
"ID": "CVE-2021-42732",
"STATE": "PUBLIC",
"TITLE": "Adobe InDesign crashes when parsing the GIF file"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "InDesign",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "None"
},
{
"version_affected": "\u003c=",
"version_value": "None"
},
{
"version_affected": "\u003c=",
"version_value": "None"
},
{
"version_affected": "\u003c=",
"version_value": "None"
}
]
}
}
]
},
"vendor_name": "Adobe"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Access of Memory Location After End of Buffer (CWE-788)"
}
]
},
"impact": {
"cvss": {
"attackComplexity": "Low",
"attackVector": "Local",
"availabilityImpact": "High",
"baseScore": 7.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"userInteraction": "Required",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Access of Memory Location After End of Buffer (CWE-788)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://helpx.adobe.com/security/products/indesign/apsb21-73.html",
"refsource": "MISC",
"url": "https://helpx.adobe.com/security/products/indesign/apsb21-73.html"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
"assignerShortName": "adobe",
"cveId": "CVE-2021-42732",
"datePublished": "2022-06-15T16:57:54.938172Z",
"dateReserved": "2021-10-19T00:00:00",
"dateUpdated": "2024-09-16T19:55:51.391Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-9728 (GCVE-0-2020-9728)
Vulnerability from cvelistv5
Published
2020-09-10 18:28
Modified
2024-09-16 23:41
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-788 - Access of Memory Location After End of Buffer ()
Summary
A memory corruption vulnerability exists in InDesign 15.1.1 (and earlier versions). Insecure handling of a malicious indd file could be abused to cause an out-of-bounds memory access, potentially resulting in code execution in the context of the current user.
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T10:43:04.548Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://helpx.adobe.com/security/products/indesign/apsb20-52.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "InDesign",
"vendor": "Adobe",
"versions": [
{
"lessThanOrEqual": "15.1.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThanOrEqual": "None",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2020-09-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A memory corruption vulnerability exists in InDesign 15.1.1 (and earlier versions). Insecure handling of a malicious indd file could be abused to cause an out-of-bounds memory access, potentially resulting in code execution in the context of the current user."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-788",
"description": "Access of Memory Location After End of Buffer (CWE-788)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-09-10T18:28:53",
"orgId": "078d4453-3bcd-4900-85e6-15281da43538",
"shortName": "adobe"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://helpx.adobe.com/security/products/indesign/apsb20-52.html"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Out-of-bounds memory access could lead to code execution",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@adobe.com",
"DATE_PUBLIC": "2020-09-08T23:00:00.000Z",
"ID": "CVE-2020-9728",
"STATE": "PUBLIC",
"TITLE": "Out-of-bounds memory access could lead to code execution"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "InDesign",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "15.1.1"
},
{
"version_affected": "\u003c=",
"version_value": "None"
},
{
"version_affected": "\u003c=",
"version_value": "None"
},
{
"version_affected": "\u003c=",
"version_value": "None"
}
]
}
}
]
},
"vendor_name": "Adobe"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A memory corruption vulnerability exists in InDesign 15.1.1 (and earlier versions). Insecure handling of a malicious indd file could be abused to cause an out-of-bounds memory access, potentially resulting in code execution in the context of the current user."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "Low",
"attackVector": "Local",
"availabilityImpact": "High",
"baseScore": 7.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"userInteraction": "Required",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Access of Memory Location After End of Buffer (CWE-788)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://helpx.adobe.com/security/products/indesign/apsb20-52.html",
"refsource": "MISC",
"url": "https://helpx.adobe.com/security/products/indesign/apsb20-52.html"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
"assignerShortName": "adobe",
"cveId": "CVE-2020-9728",
"datePublished": "2020-09-10T18:28:53.719147Z",
"dateReserved": "2020-03-02T00:00:00",
"dateUpdated": "2024-09-16T23:41:08.057Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-29313 (GCVE-0-2023-29313)
Vulnerability from cvelistv5
Published
2023-07-12 15:56
Modified
2025-03-05 18:52
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-125 - Out-of-bounds Read ()
Summary
Adobe InDesign versions ID18.3 (and earlier) and ID17.4.1 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
References
| ► | URL | Tags |
|---|---|---|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T14:07:45.698Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://helpx.adobe.com/security/products/indesign/apsb23-38.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-29313",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-05T18:35:24.766366Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-05T18:52:46.897Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "InDesign",
"vendor": "Adobe",
"versions": [
{
"lessThanOrEqual": "ID18.3",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"datePublic": "2023-07-11T17:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Adobe InDesign versions ID18.3 (and earlier) and ID17.4.1 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 5.5,
"environmentalSeverity": "MEDIUM",
"exploitCodeMaturity": "NOT_DEFINED",
"integrityImpact": "NONE",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "LOW",
"modifiedAttackVector": "LOCAL",
"modifiedAvailabilityImpact": "NONE",
"modifiedConfidentialityImpact": "HIGH",
"modifiedIntegrityImpact": "NONE",
"modifiedPrivilegesRequired": "NONE",
"modifiedScope": "NOT_DEFINED",
"modifiedUserInteraction": "REQUIRED",
"privilegesRequired": "NONE",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"scope": "UNCHANGED",
"temporalScore": 5.5,
"temporalSeverity": "MEDIUM",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "Out-of-bounds Read (CWE-125)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-07-12T15:56:48.599Z",
"orgId": "078d4453-3bcd-4900-85e6-15281da43538",
"shortName": "adobe"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://helpx.adobe.com/security/products/indesign/apsb23-38.html"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "[FG-VD-23-014] Adobe InDesign 2023 Out-of-Bound Read Vulnerability XI Notification"
}
},
"cveMetadata": {
"assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
"assignerShortName": "adobe",
"cveId": "CVE-2023-29313",
"datePublished": "2023-07-12T15:56:48.599Z",
"dateReserved": "2023-04-04T20:46:42.581Z",
"dateUpdated": "2025-03-05T18:52:46.897Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-21589 (GCVE-0-2023-21589)
Vulnerability from cvelistv5
Published
2023-01-13 00:00
Modified
2025-03-05 19:35
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-787 - Out-of-bounds Write ()
Summary
Adobe InDesign version 18.0 (and earlier), 17.4 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
References
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T09:44:01.441Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://helpx.adobe.com/security/products/indesign/apsb23-07.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-21589",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-05T18:45:14.856673Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-05T19:35:26.920Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "InDesign",
"vendor": "Adobe",
"versions": [
{
"lessThanOrEqual": "18.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThanOrEqual": "17.4",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThanOrEqual": "None",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2023-01-10T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Adobe InDesign version 18.0 (and earlier), 17.4 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "Out-of-bounds Write (CWE-787)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-01-13T00:00:00.000Z",
"orgId": "078d4453-3bcd-4900-85e6-15281da43538",
"shortName": "adobe"
},
"references": [
{
"url": "https://helpx.adobe.com/security/products/indesign/apsb23-07.html"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Adobe InDesign Font Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
"assignerShortName": "adobe",
"cveId": "CVE-2023-21589",
"datePublished": "2023-01-13T00:00:00.000Z",
"dateReserved": "2022-12-01T00:00:00.000Z",
"dateUpdated": "2025-03-05T19:35:26.920Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-39820 (GCVE-0-2021-39820)
Vulnerability from cvelistv5
Published
2022-06-15 16:53
Modified
2025-04-23 18:15
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-787 - Out-of-bounds Write ()
Summary
Adobe InDesign versions 16.3 (and earlier), and 16.3.1 (and earlier) is affected by an Out-of-bounds Write vulnerability due to insecure handling of a malicious TIFF file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability.
References
| ► | URL | Tags |
|---|---|---|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T02:20:33.676Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://helpx.adobe.com/security/products/indesign/apsb21-73.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-39820",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-23T13:09:52.139013Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-23T18:15:07.068Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "InDesign",
"vendor": "Adobe",
"versions": [
{
"lessThanOrEqual": "16.3.2",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"datePublic": "2021-09-14T17:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Adobe InDesign versions 16.3 (and earlier), and 16.3.1 (and earlier) is affected by an Out-of-bounds Write vulnerability due to insecure handling of a malicious TIFF file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 7.8,
"environmentalSeverity": "HIGH",
"exploitCodeMaturity": "NOT_DEFINED",
"integrityImpact": "HIGH",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "LOW",
"modifiedAttackVector": "LOCAL",
"modifiedAvailabilityImpact": "HIGH",
"modifiedConfidentialityImpact": "HIGH",
"modifiedIntegrityImpact": "HIGH",
"modifiedPrivilegesRequired": "NONE",
"modifiedScope": "NOT_DEFINED",
"modifiedUserInteraction": "REQUIRED",
"privilegesRequired": "NONE",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"scope": "UNCHANGED",
"temporalScore": 7.8,
"temporalSeverity": "HIGH",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "Out-of-bounds Write (CWE-787)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-01T08:13:00.331Z",
"orgId": "078d4453-3bcd-4900-85e6-15281da43538",
"shortName": "adobe"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://helpx.adobe.com/security/products/indesign/apsb21-73.html"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Adobe InDesign Memory Corruption Vulnerability Could Lead to Arbitrary Code Execution"
}
},
"cveMetadata": {
"assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
"assignerShortName": "adobe",
"cveId": "CVE-2021-39820",
"datePublished": "2022-06-15T16:53:55.086Z",
"dateReserved": "2021-08-23T00:00:00.000Z",
"dateUpdated": "2025-04-23T18:15:07.068Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-29312 (GCVE-0-2023-29312)
Vulnerability from cvelistv5
Published
2023-07-12 15:56
Modified
2025-03-05 18:51
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-125 - Out-of-bounds Read ()
Summary
Adobe InDesign versions ID18.3 (and earlier) and ID17.4.1 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
References
| ► | URL | Tags |
|---|---|---|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T14:07:45.623Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://helpx.adobe.com/security/products/indesign/apsb23-38.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-29312",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-05T18:35:10.356703Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-05T18:51:28.170Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "InDesign",
"vendor": "Adobe",
"versions": [
{
"lessThanOrEqual": "ID18.3",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"datePublic": "2023-07-11T17:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Adobe InDesign versions ID18.3 (and earlier) and ID17.4.1 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 5.5,
"environmentalSeverity": "MEDIUM",
"exploitCodeMaturity": "NOT_DEFINED",
"integrityImpact": "NONE",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "LOW",
"modifiedAttackVector": "LOCAL",
"modifiedAvailabilityImpact": "NONE",
"modifiedConfidentialityImpact": "HIGH",
"modifiedIntegrityImpact": "NONE",
"modifiedPrivilegesRequired": "NONE",
"modifiedScope": "NOT_DEFINED",
"modifiedUserInteraction": "REQUIRED",
"privilegesRequired": "NONE",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"scope": "UNCHANGED",
"temporalScore": 5.5,
"temporalSeverity": "MEDIUM",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "Out-of-bounds Read (CWE-125)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-07-12T15:56:53.906Z",
"orgId": "078d4453-3bcd-4900-85e6-15281da43538",
"shortName": "adobe"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://helpx.adobe.com/security/products/indesign/apsb23-38.html"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "[FG-VD-23-004] Adobe InDesign 2023 Out-of-Bound Read Vulnerability II Notification"
}
},
"cveMetadata": {
"assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
"assignerShortName": "adobe",
"cveId": "CVE-2023-29312",
"datePublished": "2023-07-12T15:56:53.906Z",
"dateReserved": "2023-04-04T20:46:42.579Z",
"dateUpdated": "2025-03-05T18:51:28.170Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-21593 (GCVE-0-2023-21593)
Vulnerability from cvelistv5
Published
2023-02-17 00:00
Modified
2025-03-05 19:26
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-476 - NULL Pointer Dereference ()
Summary
Adobe InDesign versions ID18.1 (and earlier) and ID17.4 (and earlier) are affected by a NULL Pointer Dereference vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
References
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T09:44:01.212Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://helpx.adobe.com/security/products/indesign/apsb23-12.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-21593",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-05T18:41:03.557401Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-05T19:26:57.376Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "InDesign",
"vendor": "Adobe",
"versions": [
{
"lessThanOrEqual": "ID18.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThanOrEqual": "ID17.4",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThanOrEqual": "None",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2023-02-14T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Adobe InDesign versions ID18.1 (and earlier) and ID17.4 (and earlier) are affected by a NULL Pointer Dereference vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "NULL Pointer Dereference (CWE-476)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-02-17T00:00:00.000Z",
"orgId": "078d4453-3bcd-4900-85e6-15281da43538",
"shortName": "adobe"
},
"references": [
{
"url": "https://helpx.adobe.com/security/products/indesign/apsb23-12.html"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Adobe InDesign SVG file NULL Pointer Dereference Application denial-of-service"
}
},
"cveMetadata": {
"assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
"assignerShortName": "adobe",
"cveId": "CVE-2023-21593",
"datePublished": "2023-02-17T00:00:00.000Z",
"dateReserved": "2022-12-01T00:00:00.000Z",
"dateUpdated": "2025-03-05T19:26:57.376Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-34248 (GCVE-0-2022-34248)
Vulnerability from cvelistv5
Published
2022-07-15 15:48
Modified
2025-04-23 17:59
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-125 - Out-of-bounds Read ()
Summary
Adobe InDesign versions 17.2.1 (and earlier) and 16.4.1 (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T09:07:14.370Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://helpx.adobe.com/security/products/indesign/apsb22-30.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-34248",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-23T13:05:46.157234Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-23T17:59:12.009Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "InDesign",
"vendor": "Adobe",
"versions": [
{
"lessThanOrEqual": "16.4.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThanOrEqual": "17.2.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThanOrEqual": "None",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2022-07-12T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Adobe InDesign versions 17.2.1 (and earlier) and 16.4.1 (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "Out-of-bounds Read (CWE-125)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-15T15:48:31.000Z",
"orgId": "078d4453-3bcd-4900-85e6-15281da43538",
"shortName": "adobe"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://helpx.adobe.com/security/products/indesign/apsb22-30.html"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Adobe InDesign Font Parsing Out-Of-Bounds Read Information Disclosure Vulnerability",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@adobe.com",
"DATE_PUBLIC": "2022-07-12T23:00:00.000Z",
"ID": "CVE-2022-34248",
"STATE": "PUBLIC",
"TITLE": "Adobe InDesign Font Parsing Out-Of-Bounds Read Information Disclosure Vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "InDesign",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "16.4.1"
},
{
"version_affected": "\u003c=",
"version_value": "17.2.1"
},
{
"version_affected": "\u003c=",
"version_value": "None"
},
{
"version_affected": "\u003c=",
"version_value": "None"
}
]
}
}
]
},
"vendor_name": "Adobe"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Adobe InDesign versions 17.2.1 (and earlier) and 16.4.1 (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "Low",
"attackVector": "Local",
"availabilityImpact": "None",
"baseScore": 5.5,
"baseSeverity": "Medium",
"confidentialityImpact": "High",
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"userInteraction": "Required",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Out-of-bounds Read (CWE-125)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://helpx.adobe.com/security/products/indesign/apsb22-30.html",
"refsource": "MISC",
"url": "https://helpx.adobe.com/security/products/indesign/apsb22-30.html"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
"assignerShortName": "adobe",
"cveId": "CVE-2022-34248",
"datePublished": "2022-07-15T15:48:31.826Z",
"dateReserved": "2022-06-21T00:00:00.000Z",
"dateUpdated": "2025-04-23T17:59:12.009Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-45059 (GCVE-0-2021-45059)
Vulnerability from cvelistv5
Published
2022-01-13 20:27
Modified
2025-04-23 19:12
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-416 - Use After Free ()
Summary
Adobe InDesign version 16.4 (and earlier) is affected by a use-after-free vulnerability in the processing of a JPEG2000 file that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T04:32:13.618Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://helpx.adobe.com/security/products/indesign/apsb22-05.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-45059",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-23T13:08:50.255596Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-23T19:12:25.330Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "InDesign",
"vendor": "Adobe",
"versions": [
{
"lessThanOrEqual": "16.4",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThanOrEqual": "None",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2022-01-11T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Adobe InDesign version 16.4 (and earlier) is affected by a use-after-free vulnerability in the processing of a JPEG2000 file that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "Use After Free (CWE-416)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-01-13T20:27:38.000Z",
"orgId": "078d4453-3bcd-4900-85e6-15281da43538",
"shortName": "adobe"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://helpx.adobe.com/security/products/indesign/apsb22-05.html"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Adobe InDesign JPEG2000 Parsing Use-After-Free Information Disclosure Vulnerability",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@adobe.com",
"DATE_PUBLIC": "2022-01-11T23:00:00.000Z",
"ID": "CVE-2021-45059",
"STATE": "PUBLIC",
"TITLE": "Adobe InDesign JPEG2000 Parsing Use-After-Free Information Disclosure Vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "InDesign",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "16.4"
},
{
"version_affected": "\u003c=",
"version_value": "None"
},
{
"version_affected": "\u003c=",
"version_value": "None"
},
{
"version_affected": "\u003c=",
"version_value": "None"
}
]
}
}
]
},
"vendor_name": "Adobe"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Adobe InDesign version 16.4 (and earlier) is affected by a use-after-free vulnerability in the processing of a JPEG2000 file that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "Low",
"attackVector": "Local",
"availabilityImpact": "None",
"baseScore": 3.4,
"baseSeverity": "Low",
"confidentialityImpact": "Low",
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"userInteraction": "Required",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Use After Free (CWE-416)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://helpx.adobe.com/security/products/indesign/apsb22-05.html",
"refsource": "MISC",
"url": "https://helpx.adobe.com/security/products/indesign/apsb22-05.html"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
"assignerShortName": "adobe",
"cveId": "CVE-2021-45059",
"datePublished": "2022-01-13T20:27:38.735Z",
"dateReserved": "2021-12-14T00:00:00.000Z",
"dateUpdated": "2025-04-23T19:12:25.330Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-30659 (GCVE-0-2022-30659)
Vulnerability from cvelistv5
Published
2022-06-16 16:59
Modified
2025-04-23 18:11
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-787 - Out-of-bounds Write ()
Summary
Adobe InDesign versions 17.2.1 (and earlier) and 16.4.1 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T06:56:13.446Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://helpx.adobe.com/security/products/indesign/apsb22-30.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-30659",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-23T13:08:31.323079Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-23T18:11:01.962Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "InDesign",
"vendor": "Adobe",
"versions": [
{
"lessThanOrEqual": "16.4.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThanOrEqual": "17.2.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThanOrEqual": "None",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2022-06-14T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Adobe InDesign versions 17.2.1 (and earlier) and 16.4.1 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "Out-of-bounds Write (CWE-787)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-16T16:59:21.000Z",
"orgId": "078d4453-3bcd-4900-85e6-15281da43538",
"shortName": "adobe"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://helpx.adobe.com/security/products/indesign/apsb22-30.html"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Adobe InDesign Font Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@adobe.com",
"DATE_PUBLIC": "2022-06-14T23:00:00.000Z",
"ID": "CVE-2022-30659",
"STATE": "PUBLIC",
"TITLE": "Adobe InDesign Font Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "InDesign",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "16.4.1"
},
{
"version_affected": "\u003c=",
"version_value": "17.2.1"
},
{
"version_affected": "\u003c=",
"version_value": "None"
},
{
"version_affected": "\u003c=",
"version_value": "None"
}
]
}
}
]
},
"vendor_name": "Adobe"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Adobe InDesign versions 17.2.1 (and earlier) and 16.4.1 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "Low",
"attackVector": "Local",
"availabilityImpact": "High",
"baseScore": 7.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Out-of-bounds Write (CWE-787)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://helpx.adobe.com/security/products/indesign/apsb22-30.html",
"refsource": "MISC",
"url": "https://helpx.adobe.com/security/products/indesign/apsb22-30.html"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
"assignerShortName": "adobe",
"cveId": "CVE-2022-30659",
"datePublished": "2022-06-16T16:59:21.967Z",
"dateReserved": "2022-05-12T00:00:00.000Z",
"dateUpdated": "2025-04-23T18:11:01.962Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-30661 (GCVE-0-2022-30661)
Vulnerability from cvelistv5
Published
2022-06-16 17:00
Modified
2025-04-23 18:10
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-122 - Heap-based Buffer Overflow ()
Summary
Adobe InDesign versions 17.2.1 (and earlier) and 16.4.1 (and earlier) are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T06:56:13.502Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://helpx.adobe.com/security/products/indesign/apsb22-30.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-30661",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-23T13:08:28.592502Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-23T18:10:53.846Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "InDesign",
"vendor": "Adobe",
"versions": [
{
"lessThanOrEqual": "16.4.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThanOrEqual": "17.2.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThanOrEqual": "None",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2022-06-14T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Adobe InDesign versions 17.2.1 (and earlier) and 16.4.1 (and earlier) are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "Heap-based Buffer Overflow (CWE-122)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-16T17:00:11.000Z",
"orgId": "078d4453-3bcd-4900-85e6-15281da43538",
"shortName": "adobe"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://helpx.adobe.com/security/products/indesign/apsb22-30.html"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Adobe InDesign Font Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@adobe.com",
"DATE_PUBLIC": "2022-06-14T23:00:00.000Z",
"ID": "CVE-2022-30661",
"STATE": "PUBLIC",
"TITLE": "Adobe InDesign Font Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "InDesign",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "16.4.1"
},
{
"version_affected": "\u003c=",
"version_value": "17.2.1"
},
{
"version_affected": "\u003c=",
"version_value": "None"
},
{
"version_affected": "\u003c=",
"version_value": "None"
}
]
}
}
]
},
"vendor_name": "Adobe"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Adobe InDesign versions 17.2.1 (and earlier) and 16.4.1 (and earlier) are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "Low",
"attackVector": "Local",
"availabilityImpact": "High",
"baseScore": 7.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Heap-based Buffer Overflow (CWE-122)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://helpx.adobe.com/security/products/indesign/apsb22-30.html",
"refsource": "MISC",
"url": "https://helpx.adobe.com/security/products/indesign/apsb22-30.html"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
"assignerShortName": "adobe",
"cveId": "CVE-2022-30661",
"datePublished": "2022-06-16T17:00:11.795Z",
"dateReserved": "2022-05-12T00:00:00.000Z",
"dateUpdated": "2025-04-23T18:10:53.846Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-28853 (GCVE-0-2022-28853)
Vulnerability from cvelistv5
Published
2022-09-16 17:20
Modified
2025-04-23 17:07
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-787 - Out-of-bounds Write ()
Summary
Adobe InDesign versions 16.4.2 (and earlier) and 17.3 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T06:03:53.158Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://helpx.adobe.com/security/products/indesign/apsb22-50.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-28853",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-23T13:05:10.746055Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-23T17:07:37.744Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "InDesign",
"vendor": "Adobe",
"versions": [
{
"lessThanOrEqual": "16.4.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThanOrEqual": "17.3",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThanOrEqual": "None",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2022-09-13T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Adobe InDesign versions 16.4.2 (and earlier) and 17.3 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "Out-of-bounds Write (CWE-787)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-09-16T17:20:02.000Z",
"orgId": "078d4453-3bcd-4900-85e6-15281da43538",
"shortName": "adobe"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://helpx.adobe.com/security/products/indesign/apsb22-50.html"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Adobe InDesign 2022 Out-of-Bound Write Arbitrary code execution",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@adobe.com",
"DATE_PUBLIC": "2022-09-13T23:00:00.000Z",
"ID": "CVE-2022-28853",
"STATE": "PUBLIC",
"TITLE": "Adobe InDesign 2022 Out-of-Bound Write Arbitrary code execution"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "InDesign",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "16.4.2"
},
{
"version_affected": "\u003c=",
"version_value": "17.3"
},
{
"version_affected": "\u003c=",
"version_value": "None"
},
{
"version_affected": "\u003c=",
"version_value": "None"
}
]
}
}
]
},
"vendor_name": "Adobe"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Adobe InDesign versions 16.4.2 (and earlier) and 17.3 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "Low",
"attackVector": "Local",
"availabilityImpact": "High",
"baseScore": 7.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"userInteraction": "Required",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Out-of-bounds Write (CWE-787)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://helpx.adobe.com/security/products/indesign/apsb22-50.html",
"refsource": "MISC",
"url": "https://helpx.adobe.com/security/products/indesign/apsb22-50.html"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
"assignerShortName": "adobe",
"cveId": "CVE-2022-28853",
"datePublished": "2022-09-16T17:20:02.297Z",
"dateReserved": "2022-04-08T00:00:00.000Z",
"dateUpdated": "2025-04-23T17:07:37.744Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-30662 (GCVE-0-2022-30662)
Vulnerability from cvelistv5
Published
2022-06-16 17:00
Modified
2025-04-23 18:10
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-787 - Out-of-bounds Write ()
Summary
Adobe InDesign versions 17.2.1 (and earlier) and 16.4.1 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T06:56:13.274Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://helpx.adobe.com/security/products/indesign/apsb22-30.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-30662",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-23T13:08:25.517297Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-23T18:10:46.039Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "InDesign",
"vendor": "Adobe",
"versions": [
{
"lessThanOrEqual": "16.4.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThanOrEqual": "17.2.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThanOrEqual": "None",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2022-06-14T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Adobe InDesign versions 17.2.1 (and earlier) and 16.4.1 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "Out-of-bounds Write (CWE-787)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-16T17:00:34.000Z",
"orgId": "078d4453-3bcd-4900-85e6-15281da43538",
"shortName": "adobe"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://helpx.adobe.com/security/products/indesign/apsb22-30.html"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Adobe InDesign Font Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@adobe.com",
"DATE_PUBLIC": "2022-06-14T23:00:00.000Z",
"ID": "CVE-2022-30662",
"STATE": "PUBLIC",
"TITLE": "Adobe InDesign Font Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "InDesign",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "16.4.1"
},
{
"version_affected": "\u003c=",
"version_value": "17.2.1"
},
{
"version_affected": "\u003c=",
"version_value": "None"
},
{
"version_affected": "\u003c=",
"version_value": "None"
}
]
}
}
]
},
"vendor_name": "Adobe"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Adobe InDesign versions 17.2.1 (and earlier) and 16.4.1 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "Low",
"attackVector": "Local",
"availabilityImpact": "High",
"baseScore": 7.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Out-of-bounds Write (CWE-787)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://helpx.adobe.com/security/products/indesign/apsb22-30.html",
"refsource": "MISC",
"url": "https://helpx.adobe.com/security/products/indesign/apsb22-30.html"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
"assignerShortName": "adobe",
"cveId": "CVE-2022-30662",
"datePublished": "2022-06-16T17:00:34.754Z",
"dateReserved": "2022-05-12T00:00:00.000Z",
"dateUpdated": "2025-04-23T18:10:46.039Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-30671 (GCVE-0-2022-30671)
Vulnerability from cvelistv5
Published
2022-09-16 17:20
Modified
2025-04-23 17:07
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-125 - Out-of-bounds Read ()
Summary
Adobe InDesign versions 16.4.2 (and earlier) and 17.3 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T06:56:13.451Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://helpx.adobe.com/security/products/indesign/apsb22-50.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-30671",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-23T13:04:38.894281Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-23T17:07:14.104Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "InDesign",
"vendor": "Adobe",
"versions": [
{
"lessThanOrEqual": "16.4.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThanOrEqual": "17.3",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThanOrEqual": "None",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2022-09-13T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Adobe InDesign versions 16.4.2 (and earlier) and 17.3 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "Out-of-bounds Read (CWE-125)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-09-16T17:20:14.000Z",
"orgId": "078d4453-3bcd-4900-85e6-15281da43538",
"shortName": "adobe"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://helpx.adobe.com/security/products/indesign/apsb22-50.html"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Adobe InDesign 2022 Out-of-Bound Read Memory leak",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@adobe.com",
"DATE_PUBLIC": "2022-09-13T23:00:00.000Z",
"ID": "CVE-2022-30671",
"STATE": "PUBLIC",
"TITLE": "Adobe InDesign 2022 Out-of-Bound Read Memory leak"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "InDesign",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "16.4.2"
},
{
"version_affected": "\u003c=",
"version_value": "17.3"
},
{
"version_affected": "\u003c=",
"version_value": "None"
},
{
"version_affected": "\u003c=",
"version_value": "None"
}
]
}
}
]
},
"vendor_name": "Adobe"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Adobe InDesign versions 16.4.2 (and earlier) and 17.3 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "Low",
"attackVector": "Local",
"availabilityImpact": "None",
"baseScore": 5.5,
"baseSeverity": "Medium",
"confidentialityImpact": "High",
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"userInteraction": "Required",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Out-of-bounds Read (CWE-125)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://helpx.adobe.com/security/products/indesign/apsb22-50.html",
"refsource": "MISC",
"url": "https://helpx.adobe.com/security/products/indesign/apsb22-50.html"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
"assignerShortName": "adobe",
"cveId": "CVE-2022-30671",
"datePublished": "2022-09-16T17:20:14.098Z",
"dateReserved": "2022-05-12T00:00:00.000Z",
"dateUpdated": "2025-04-23T17:07:14.104Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-38415 (GCVE-0-2022-38415)
Vulnerability from cvelistv5
Published
2022-09-16 17:20
Modified
2025-04-23 17:06
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-122 - Heap-based Buffer Overflow ()
Summary
Adobe InDesign versions 16.4.2 (and earlier) and 17.3 (and earlier) are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T10:54:03.490Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://helpx.adobe.com/security/products/indesign/apsb22-50.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-38415",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-23T13:04:59.461225Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-23T17:06:25.147Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "InDesign",
"vendor": "Adobe",
"versions": [
{
"lessThanOrEqual": "16.4.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThanOrEqual": "17.3",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThanOrEqual": "None",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2022-09-13T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Adobe InDesign versions 16.4.2 (and earlier) and 17.3 (and earlier) are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "Heap-based Buffer Overflow (CWE-122)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-09-16T17:20:37.000Z",
"orgId": "078d4453-3bcd-4900-85e6-15281da43538",
"shortName": "adobe"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://helpx.adobe.com/security/products/indesign/apsb22-50.html"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Adobe InDesign PCX File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@adobe.com",
"DATE_PUBLIC": "2022-09-13T23:00:00.000Z",
"ID": "CVE-2022-38415",
"STATE": "PUBLIC",
"TITLE": "Adobe InDesign PCX File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "InDesign",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "16.4.2"
},
{
"version_affected": "\u003c=",
"version_value": "17.3"
},
{
"version_affected": "\u003c=",
"version_value": "None"
},
{
"version_affected": "\u003c=",
"version_value": "None"
}
]
}
}
]
},
"vendor_name": "Adobe"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Adobe InDesign versions 16.4.2 (and earlier) and 17.3 (and earlier) are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "Low",
"attackVector": "Local",
"availabilityImpact": "High",
"baseScore": 7.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"userInteraction": "Required",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Heap-based Buffer Overflow (CWE-122)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://helpx.adobe.com/security/products/indesign/apsb22-50.html",
"refsource": "MISC",
"url": "https://helpx.adobe.com/security/products/indesign/apsb22-50.html"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
"assignerShortName": "adobe",
"cveId": "CVE-2022-38415",
"datePublished": "2022-09-16T17:20:37.526Z",
"dateReserved": "2022-08-18T00:00:00.000Z",
"dateUpdated": "2025-04-23T17:06:25.147Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-29310 (GCVE-0-2023-29310)
Vulnerability from cvelistv5
Published
2023-07-12 15:56
Modified
2025-03-05 18:53
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-125 - Out-of-bounds Read ()
Summary
Adobe InDesign versions ID18.3 (and earlier) and ID17.4.1 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
References
| ► | URL | Tags |
|---|---|---|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T14:07:45.798Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://helpx.adobe.com/security/products/indesign/apsb23-38.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-29310",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-05T18:35:33.231689Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-05T18:53:18.091Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "InDesign",
"vendor": "Adobe",
"versions": [
{
"lessThanOrEqual": "ID18.3",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"datePublic": "2023-07-11T17:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Adobe InDesign versions ID18.3 (and earlier) and ID17.4.1 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 5.5,
"environmentalSeverity": "MEDIUM",
"exploitCodeMaturity": "NOT_DEFINED",
"integrityImpact": "NONE",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "LOW",
"modifiedAttackVector": "LOCAL",
"modifiedAvailabilityImpact": "NONE",
"modifiedConfidentialityImpact": "HIGH",
"modifiedIntegrityImpact": "NONE",
"modifiedPrivilegesRequired": "NONE",
"modifiedScope": "NOT_DEFINED",
"modifiedUserInteraction": "REQUIRED",
"privilegesRequired": "NONE",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"scope": "UNCHANGED",
"temporalScore": 5.5,
"temporalSeverity": "MEDIUM",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "Out-of-bounds Read (CWE-125)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-07-12T15:56:45.198Z",
"orgId": "078d4453-3bcd-4900-85e6-15281da43538",
"shortName": "adobe"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://helpx.adobe.com/security/products/indesign/apsb23-38.html"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "[FG-VD-23-007] Adobe InDesign 2023 Out-of-Bound Read Vulnerability V Notification"
}
},
"cveMetadata": {
"assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
"assignerShortName": "adobe",
"cveId": "CVE-2023-29310",
"datePublished": "2023-07-12T15:56:45.198Z",
"dateReserved": "2023-04-04T20:46:42.579Z",
"dateUpdated": "2025-03-05T18:53:18.091Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-30674 (GCVE-0-2022-30674)
Vulnerability from cvelistv5
Published
2022-09-16 17:20
Modified
2025-04-23 17:06
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-125 - Out-of-bounds Read ()
Summary
Adobe InDesign versions 16.4.2 (and earlier) and 17.3 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
References
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T06:56:13.518Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://helpx.adobe.com/security/products/indesign/apsb22-50.html"
},
{
"name": "FEDORA-2022-d93b3bd8b9",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GSVZN3IJ6OCPSJL7AEX3ZHSHAHFOGESK/"
},
{
"name": "FEDORA-2022-c22feb71ba",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XCGBVQQ47URGJAZWHCISHDWF6QBTV2LE/"
},
{
"name": "FEDORA-2022-dcb1d7bcb1",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LQB6FJAM5YQ35SF5B2MN25Y2FX56EOEZ/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-30674",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-23T13:04:27.612652Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-23T17:06:49.820Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "InDesign",
"vendor": "Adobe",
"versions": [
{
"lessThanOrEqual": "16.4.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThanOrEqual": "17.3",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThanOrEqual": "None",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2022-09-13T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Adobe InDesign versions 16.4.2 (and earlier) and 17.3 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "Out-of-bounds Read (CWE-125)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-11-14T00:00:00.000Z",
"orgId": "078d4453-3bcd-4900-85e6-15281da43538",
"shortName": "adobe"
},
"references": [
{
"url": "https://helpx.adobe.com/security/products/indesign/apsb22-50.html"
},
{
"name": "FEDORA-2022-d93b3bd8b9",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GSVZN3IJ6OCPSJL7AEX3ZHSHAHFOGESK/"
},
{
"name": "FEDORA-2022-c22feb71ba",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XCGBVQQ47URGJAZWHCISHDWF6QBTV2LE/"
},
{
"name": "FEDORA-2022-dcb1d7bcb1",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LQB6FJAM5YQ35SF5B2MN25Y2FX56EOEZ/"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Adobe InDesign 2022 Out-of-Bound Read Memory leak"
}
},
"cveMetadata": {
"assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
"assignerShortName": "adobe",
"cveId": "CVE-2022-30674",
"datePublished": "2022-09-16T17:20:25.733Z",
"dateReserved": "2022-05-12T00:00:00.000Z",
"dateUpdated": "2025-04-23T17:06:49.820Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-29314 (GCVE-0-2023-29314)
Vulnerability from cvelistv5
Published
2023-07-12 15:56
Modified
2025-03-05 18:51
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-125 - Out-of-bounds Read ()
Summary
Adobe InDesign versions ID18.3 (and earlier) and ID17.4.1 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
References
| ► | URL | Tags |
|---|---|---|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T14:07:45.514Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://helpx.adobe.com/security/products/indesign/apsb23-38.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-29314",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-05T18:35:07.206620Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-05T18:51:21.477Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "InDesign",
"vendor": "Adobe",
"versions": [
{
"lessThanOrEqual": "ID18.3",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"datePublic": "2023-07-11T17:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Adobe InDesign versions ID18.3 (and earlier) and ID17.4.1 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 5.5,
"environmentalSeverity": "MEDIUM",
"exploitCodeMaturity": "NOT_DEFINED",
"integrityImpact": "NONE",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "LOW",
"modifiedAttackVector": "LOCAL",
"modifiedAvailabilityImpact": "NONE",
"modifiedConfidentialityImpact": "HIGH",
"modifiedIntegrityImpact": "NONE",
"modifiedPrivilegesRequired": "NONE",
"modifiedScope": "NOT_DEFINED",
"modifiedUserInteraction": "REQUIRED",
"privilegesRequired": "NONE",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"scope": "UNCHANGED",
"temporalScore": 5.5,
"temporalSeverity": "MEDIUM",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "Out-of-bounds Read (CWE-125)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-07-12T15:56:54.814Z",
"orgId": "078d4453-3bcd-4900-85e6-15281da43538",
"shortName": "adobe"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://helpx.adobe.com/security/products/indesign/apsb23-38.html"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "[FG-VD-23-013] Adobe InDesign 2023 Out-of-Bound Read Vulnerability X Notification"
}
},
"cveMetadata": {
"assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
"assignerShortName": "adobe",
"cveId": "CVE-2023-29314",
"datePublished": "2023-07-12T15:56:54.814Z",
"dateReserved": "2023-04-04T20:46:42.581Z",
"dateUpdated": "2025-03-05T18:51:21.477Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-29317 (GCVE-0-2023-29317)
Vulnerability from cvelistv5
Published
2023-07-12 15:56
Modified
2025-03-05 18:52
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-125 - Out-of-bounds Read ()
Summary
Adobe InDesign versions ID18.3 (and earlier) and ID17.4.1 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
References
| ► | URL | Tags |
|---|---|---|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T14:07:45.807Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://helpx.adobe.com/security/products/indesign/apsb23-38.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-29317",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-05T18:35:19.373026Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-05T18:52:30.705Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "InDesign",
"vendor": "Adobe",
"versions": [
{
"lessThanOrEqual": "ID18.3",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"datePublic": "2023-07-11T17:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Adobe InDesign versions ID18.3 (and earlier) and ID17.4.1 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 5.5,
"environmentalSeverity": "MEDIUM",
"exploitCodeMaturity": "NOT_DEFINED",
"integrityImpact": "NONE",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "LOW",
"modifiedAttackVector": "LOCAL",
"modifiedAvailabilityImpact": "NONE",
"modifiedConfidentialityImpact": "HIGH",
"modifiedIntegrityImpact": "NONE",
"modifiedPrivilegesRequired": "NONE",
"modifiedScope": "NOT_DEFINED",
"modifiedUserInteraction": "REQUIRED",
"privilegesRequired": "NONE",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"scope": "UNCHANGED",
"temporalScore": 5.5,
"temporalSeverity": "MEDIUM",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "Out-of-bounds Read (CWE-125)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-07-12T15:56:50.730Z",
"orgId": "078d4453-3bcd-4900-85e6-15281da43538",
"shortName": "adobe"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://helpx.adobe.com/security/products/indesign/apsb23-38.html"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "[FG-VD-23-005] Adobe InDesign 2023 Out-of-Bound Read Vulnerability III Notification"
}
},
"cveMetadata": {
"assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
"assignerShortName": "adobe",
"cveId": "CVE-2023-29317",
"datePublished": "2023-07-12T15:56:50.730Z",
"dateReserved": "2023-04-04T20:46:42.581Z",
"dateUpdated": "2025-03-05T18:52:30.705Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-38417 (GCVE-0-2022-38417)
Vulnerability from cvelistv5
Published
2022-09-16 17:20
Modified
2025-04-23 17:06
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-125 - Out-of-bounds Read ()
Summary
Adobe InDesign versions 16.4.2 (and earlier) and 17.3 (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T10:54:04.003Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://helpx.adobe.com/security/products/indesign/apsb22-50.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-38417",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-23T13:04:50.652232Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-23T17:06:00.759Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "InDesign",
"vendor": "Adobe",
"versions": [
{
"lessThanOrEqual": "16.4.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThanOrEqual": "17.3",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThanOrEqual": "None",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2022-09-13T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Adobe InDesign versions 16.4.2 (and earlier) and 17.3 (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "Out-of-bounds Read (CWE-125)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-09-16T17:20:48.000Z",
"orgId": "078d4453-3bcd-4900-85e6-15281da43538",
"shortName": "adobe"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://helpx.adobe.com/security/products/indesign/apsb22-50.html"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Adobe InDesign SVG File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@adobe.com",
"DATE_PUBLIC": "2022-09-13T23:00:00.000Z",
"ID": "CVE-2022-38417",
"STATE": "PUBLIC",
"TITLE": "Adobe InDesign SVG File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "InDesign",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "16.4.2"
},
{
"version_affected": "\u003c=",
"version_value": "17.3"
},
{
"version_affected": "\u003c=",
"version_value": "None"
},
{
"version_affected": "\u003c=",
"version_value": "None"
}
]
}
}
]
},
"vendor_name": "Adobe"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Adobe InDesign versions 16.4.2 (and earlier) and 17.3 (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "Low",
"attackVector": "Local",
"availabilityImpact": "High",
"baseScore": 7.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"userInteraction": "Required",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Out-of-bounds Read (CWE-125)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://helpx.adobe.com/security/products/indesign/apsb22-50.html",
"refsource": "MISC",
"url": "https://helpx.adobe.com/security/products/indesign/apsb22-50.html"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
"assignerShortName": "adobe",
"cveId": "CVE-2022-38417",
"datePublished": "2022-09-16T17:20:48.382Z",
"dateReserved": "2022-08-18T00:00:00.000Z",
"dateUpdated": "2025-04-23T17:06:00.759Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-21588 (GCVE-0-2023-21588)
Vulnerability from cvelistv5
Published
2023-01-13 00:00
Modified
2025-03-05 19:35
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-20 - Improper Input Validation ()
Summary
Adobe InDesign version 18.0 (and earlier), 17.4 (and earlier) are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
References
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T09:44:01.211Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://helpx.adobe.com/security/products/indesign/apsb23-07.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-21588",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-05T18:45:17.684342Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-05T19:35:33.572Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "InDesign",
"vendor": "Adobe",
"versions": [
{
"lessThanOrEqual": "18.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThanOrEqual": "17.4",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThanOrEqual": "None",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2023-01-10T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Adobe InDesign version 18.0 (and earlier), 17.4 (and earlier) are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "Improper Input Validation (CWE-20)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-01-13T00:00:00.000Z",
"orgId": "078d4453-3bcd-4900-85e6-15281da43538",
"shortName": "adobe"
},
"references": [
{
"url": "https://helpx.adobe.com/security/products/indesign/apsb23-07.html"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Adobe InDesign Improper Input Validation Remote Code Execution Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
"assignerShortName": "adobe",
"cveId": "CVE-2023-21588",
"datePublished": "2023-01-13T00:00:00.000Z",
"dateReserved": "2022-12-01T00:00:00.000Z",
"dateUpdated": "2025-03-05T19:35:33.572Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-45057 (GCVE-0-2021-45057)
Vulnerability from cvelistv5
Published
2022-01-13 20:27
Modified
2025-04-23 19:12
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-787 - Out-of-bounds Write ()
Summary
Adobe InDesign version 16.4 (and earlier) is affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious JPEG2000 file.
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T04:32:13.600Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://helpx.adobe.com/security/products/indesign/apsb22-05.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-45057",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-23T13:13:57.336508Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-23T19:12:31.676Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "InDesign",
"vendor": "Adobe",
"versions": [
{
"lessThanOrEqual": "16.4",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThanOrEqual": "None",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2022-01-11T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Adobe InDesign version 16.4 (and earlier) is affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious JPEG2000 file."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "Out-of-bounds Write (CWE-787)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-01-13T20:27:37.000Z",
"orgId": "078d4453-3bcd-4900-85e6-15281da43538",
"shortName": "adobe"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://helpx.adobe.com/security/products/indesign/apsb22-05.html"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Adobe InDesign JPEG2000 Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@adobe.com",
"DATE_PUBLIC": "2022-01-11T23:00:00.000Z",
"ID": "CVE-2021-45057",
"STATE": "PUBLIC",
"TITLE": "Adobe InDesign JPEG2000 Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "InDesign",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "16.4"
},
{
"version_affected": "\u003c=",
"version_value": "None"
},
{
"version_affected": "\u003c=",
"version_value": "None"
},
{
"version_affected": "\u003c=",
"version_value": "None"
}
]
}
}
]
},
"vendor_name": "Adobe"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Adobe InDesign version 16.4 (and earlier) is affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious JPEG2000 file."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "Low",
"attackVector": "Local",
"availabilityImpact": "High",
"baseScore": 7.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Out-of-bounds Write (CWE-787)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://helpx.adobe.com/security/products/indesign/apsb22-05.html",
"refsource": "MISC",
"url": "https://helpx.adobe.com/security/products/indesign/apsb22-05.html"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
"assignerShortName": "adobe",
"cveId": "CVE-2021-45057",
"datePublished": "2022-01-13T20:27:37.525Z",
"dateReserved": "2021-12-14T00:00:00.000Z",
"dateUpdated": "2025-04-23T19:12:31.676Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-28856 (GCVE-0-2022-28856)
Vulnerability from cvelistv5
Published
2022-09-16 17:20
Modified
2025-04-23 17:07
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-125 - Out-of-bounds Read ()
Summary
Adobe InDesign versions 16.4.2 (and earlier) and 17.3 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T06:03:53.155Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://helpx.adobe.com/security/products/indesign/apsb22-50.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-28856",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-23T13:04:44.902566Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-23T17:07:26.231Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "InDesign",
"vendor": "Adobe",
"versions": [
{
"lessThanOrEqual": "16.4.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThanOrEqual": "17.3",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThanOrEqual": "None",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2022-09-13T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Adobe InDesign versions 16.4.2 (and earlier) and 17.3 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "Out-of-bounds Read (CWE-125)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-09-16T17:20:08.000Z",
"orgId": "078d4453-3bcd-4900-85e6-15281da43538",
"shortName": "adobe"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://helpx.adobe.com/security/products/indesign/apsb22-50.html"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Adobe InDesign 2022 Out-of-Bound Read Memory leak",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@adobe.com",
"DATE_PUBLIC": "2022-09-13T23:00:00.000Z",
"ID": "CVE-2022-28856",
"STATE": "PUBLIC",
"TITLE": "Adobe InDesign 2022 Out-of-Bound Read Memory leak"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "InDesign",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "16.4.2"
},
{
"version_affected": "\u003c=",
"version_value": "17.3"
},
{
"version_affected": "\u003c=",
"version_value": "None"
},
{
"version_affected": "\u003c=",
"version_value": "None"
}
]
}
}
]
},
"vendor_name": "Adobe"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Adobe InDesign versions 16.4.2 (and earlier) and 17.3 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "Low",
"attackVector": "Local",
"availabilityImpact": "None",
"baseScore": 5.5,
"baseSeverity": "Medium",
"confidentialityImpact": "High",
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"userInteraction": "Required",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Out-of-bounds Read (CWE-125)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://helpx.adobe.com/security/products/indesign/apsb22-50.html",
"refsource": "MISC",
"url": "https://helpx.adobe.com/security/products/indesign/apsb22-50.html"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
"assignerShortName": "adobe",
"cveId": "CVE-2022-28856",
"datePublished": "2022-09-16T17:20:08.306Z",
"dateReserved": "2022-04-08T00:00:00.000Z",
"dateUpdated": "2025-04-23T17:07:26.231Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-9730 (GCVE-0-2020-9730)
Vulnerability from cvelistv5
Published
2020-09-10 18:29
Modified
2024-09-16 20:52
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-788 - Access of Memory Location After End of Buffer ()
Summary
A memory corruption vulnerability exists in InDesign 15.1.1 (and earlier versions). Insecure handling of a malicious indd file could be abused to cause an out-of-bounds memory access, potentially resulting in code execution in the context of the current user.
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T10:43:03.599Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://helpx.adobe.com/security/products/indesign/apsb20-52.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "InDesign",
"vendor": "Adobe",
"versions": [
{
"lessThanOrEqual": "15.1.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThanOrEqual": "None",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2020-09-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A memory corruption vulnerability exists in InDesign 15.1.1 (and earlier versions). Insecure handling of a malicious indd file could be abused to cause an out-of-bounds memory access, potentially resulting in code execution in the context of the current user."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-788",
"description": "Access of Memory Location After End of Buffer (CWE-788)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-09-10T18:29:12",
"orgId": "078d4453-3bcd-4900-85e6-15281da43538",
"shortName": "adobe"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://helpx.adobe.com/security/products/indesign/apsb20-52.html"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Out-of-bounds memory access could lead to code execution",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@adobe.com",
"DATE_PUBLIC": "2020-09-08T23:00:00.000Z",
"ID": "CVE-2020-9730",
"STATE": "PUBLIC",
"TITLE": "Out-of-bounds memory access could lead to code execution"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "InDesign",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "15.1.1"
},
{
"version_affected": "\u003c=",
"version_value": "None"
},
{
"version_affected": "\u003c=",
"version_value": "None"
},
{
"version_affected": "\u003c=",
"version_value": "None"
}
]
}
}
]
},
"vendor_name": "Adobe"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A memory corruption vulnerability exists in InDesign 15.1.1 (and earlier versions). Insecure handling of a malicious indd file could be abused to cause an out-of-bounds memory access, potentially resulting in code execution in the context of the current user."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "Low",
"attackVector": "Local",
"availabilityImpact": "High",
"baseScore": 7.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"userInteraction": "Required",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Access of Memory Location After End of Buffer (CWE-788)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://helpx.adobe.com/security/products/indesign/apsb20-52.html",
"refsource": "MISC",
"url": "https://helpx.adobe.com/security/products/indesign/apsb20-52.html"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
"assignerShortName": "adobe",
"cveId": "CVE-2020-9730",
"datePublished": "2020-09-10T18:29:12.892198Z",
"dateReserved": "2020-03-02T00:00:00",
"dateUpdated": "2024-09-16T20:52:48.304Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-21587 (GCVE-0-2023-21587)
Vulnerability from cvelistv5
Published
2023-01-13 00:00
Modified
2025-03-05 19:35
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-122 - Heap-based Buffer Overflow ()
Summary
Adobe InDesign version 18.0 (and earlier), 17.4 (and earlier) are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
References
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T09:44:01.326Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://helpx.adobe.com/security/products/indesign/apsb23-07.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-21587",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-05T18:45:20.892388Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-05T19:35:40.225Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "InDesign",
"vendor": "Adobe",
"versions": [
{
"lessThanOrEqual": "18.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThanOrEqual": "17.4",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThanOrEqual": "None",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2023-01-10T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Adobe InDesign version 18.0 (and earlier), 17.4 (and earlier) are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "Heap-based Buffer Overflow (CWE-122)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-01-13T00:00:00.000Z",
"orgId": "078d4453-3bcd-4900-85e6-15281da43538",
"shortName": "adobe"
},
"references": [
{
"url": "https://helpx.adobe.com/security/products/indesign/apsb23-07.html"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Adobe InDesign Font Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
"assignerShortName": "adobe",
"cveId": "CVE-2023-21587",
"datePublished": "2023-01-13T00:00:00.000Z",
"dateReserved": "2022-12-01T00:00:00.000Z",
"dateUpdated": "2025-03-05T19:35:40.225Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}